CSRF conflict in Plug/Phoenix configuration #50
Description
I had put wobserver behind a protected pipeline that included plug :protect_from_forgery (a wrapper around plug Plug.CSRFProtection) and could not get wobserver working at all (Safari would refuse to load the app.js for wobserver and the log would report a CSRF protection violation for cross-origin resources).
As soon as I removed :protect_from_forgery from the pipeline, wobserver worked just fine. It would be great to have documentation on how to enable CSRF protection, but at a minimum, users should be warned that wobserver is not currently compatible with Plug.CSRFProtection and :protect_from_forgery.