From the examples, using the default EJS mechanism, the hidden input needed to protect against CSRF is:
<input type="hidden" name="_csrf" value="<%= _csrf %>" />
What is the Jade equivalent? Is it:
input(type="hidden", name="_csrf", value='#{_csrf}')
Thanks.
EDIT: I tried both value='#{_csrf}' and value=#{_csrf}, and I'm sure they are not correct, as they do not display the correct CSRF token.