module Roda::RodaPlugins::RouteCsrf::InstanceMethods

def csrf_secret

JSON is used for session serialization).
secret, stored base64 encoded in the session (to handle cases where
If a secret has not already been specified, generate a random 32-byte
def csrf_secret
  key = session[csrf_options[:key]] ||= SecureRandom.base64(32)
  Base64.strict_decode64(key)
end