Plug 0.10.0 moves CSRF tokens from cookies back to sessions. To avoid future bumps on the road, a get_csrf_token/0
function has been added to controllers and imported into views. Update all your csrf token reference code to use the new function. Additionally, form_tag
and link
helpers have been added that will inject the csrf token for you automatically. You should transition to these new functions where possible, ie:
<%= form_tag("/hello", method: :post) %>
... your form stuff. csrf is inject for you
</form>