Как использовать Plack::Middleware::CSRFBlock с Dancer?

Я хочу защитить все формы от CSRF с Dancer,

Я пытался с помощью Plack::Middleware::CSRFBlock, но ошибка сказала "CSRFBlock нуждается в сеансе." Даже если я использую Plack::SessionУ форм не было скрытого поля ввода, содержащего один токен.

Есть ли хорошая практика для этого? Любой совет высоко ценится.

мой environment/development.yml является:

# configuration file for development environment

# the logger engine to use
# console: log messages to STDOUT (your console where you started the
#          application server)
# file:    log message to a file in log/
logger: "console"

# the log level for this environment
# core is the lowest, it shows Dancer's core log messages as well as yours
# (debug, info, warning and error)
log: "core"

# should Dancer consider warnings as critical errors?
warnings: 1

# should Dancer show a stacktrace when an error is caught?
show_errors: 1

# auto_reload is a development and experimental feature
# you should enable it by yourself if you want it
# Module::Refresh is needed 
# 
# Be aware it's unstable and may cause a memory leak.
# DO NOT EVER USE THIS FEATURE IN PRODUCTION 
# OR TINY KITTENS SHALL DIE WITH LOTS OF SUFFERING
auto_reload: 0

session: Simple
#session: YAML

plack_middlewares:
    -
        #- Session
        - CSRFBlock
        - Debug
        - panels
        -
            - Parameters
            - Dancer::Version
            - Dancer::Settings
            - Memory

и маршрут такой:

get '/test' => sub {
    return <<EOM
        <!DOCTYPE html>
        <html>
        <head><title>test route</title></head>
        <body>
            <form action="./foobar" method="post">
            <input type="text"/>
            <input type="submit"/>
            </form>
        </body>
        </html>
EOM
};