added csrf middleware

agreif · Jul 15, 2016 · 6cab48d · 6cab48d
1 parent 5db5ff6
commit 6cab48d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/hashdb-auth/src/Foundation.hs b/hashdb-auth/src/Foundation.hs
@@ -61,8 +61,9 @@ instance Yesod App where
     -- Some users may also want to add the defaultCsrfMiddleware, which:
     --   a) Sets a cookie with a CSRF token in it.
     --   b) Validates that incoming write requests include that token in either a header or POST parameter.
+    -- To add it, chain it together with the defaultMiddleware: yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
     -- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
-    yesodMiddleware = defaultYesodMiddleware
+    yesodMiddleware = defaultYesodMiddleware . defaultCsrfMiddleware
 
     defaultLayout widget = do
         master <- getYesod