Add Rails' built-in CSRF protection

[dee-see]

The HTML contains the anti-CSRF token in

letter_opener_web/app/views/layouts/letter_opener_web/letters.html.erb

Line 9 in feea82d

<%= csrf_meta_tags %>

however the protect_from_forgery call was missing from ApplicationController.

[fgrehm]

Hey @dee-see , just a heads up that this is something that will come along with the upcoming 2.0 I got in the works, see the PR linked above for more.

If you have the time, it'd be great if you could give that branch a try as well, tks in advance!

[fgrehm]

Just got a pre-release ready to go. Please give that a try when you get a chance and I'll also just ping more folks for testing before a final release. This PR should auto close after code is on master.

Thanks for your contribution!

[dee-see]

Seems to be working well. There's only a clear button now and no way to delete an individual "letter" is that right?

[fgrehm]

Seems to be working well. There's only a clear button now and no way to delete an individual "letter" is that right?

Good catch! I've updated the TODO list on the PR to remind me of that before final release. If by any chance you or someone else has the time to implement that feel free to submit a PR. I'll also try to get that done next week

[fgrehm]

Hey @dee-see, just pushed 3ab59e4 and cut a new 2.0.0.pre.beta release of the gem. Please give that a shot when you get a chance and report back in #113 if things look good to ya