Add note about adding CSRF token to Leaf pages

brokenhandsio · Sep 2, 2020 · c0b165a · c0b165a
1 parent dafda5d
commit c0b165a
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -76,6 +76,15 @@ let context = MyPageContext(csrfToken: csrfToken)
 return req.view.render("myPage", context)
 ```
 
+You then need to return the token when the form is submitted. With Leaf, this would look something like:
+
+```html
+<form method="post">
+    <input type="hidden" name="csrfToken" value="#(csrfToken)">
+    <input type="submit" value="Submit">
+</form>
+```
+
 ### POST routes
 
 You can protect your POST routes either with Middleware or manually verifying the token.