'protect_from_forgery' in Application controller in Rails

In the config/application_controller.rb file in my Rails application directory, I found the code below:

class ApplicationController < ActionController::Base
  protect_from_forgery
end

Can anyone tell me what protect_from_forgery means and why it is being used?

Rajesh Omanakuttan asked Dec 13 '12 11:12

1 Answer

It protects from CSRF, e.g. all POST requests should have a specific security token.

http://en.wikipedia.org/wiki/Cross-site_request_forgery

http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf

Pavel S answered Sep 25 '22 00:09

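To make the answer concrete, here is the mechanism behind protect_from_forgery modelled in plain Ruby. This is an added example, not Rails' own implementation and not code from the question or the answer: the class name ForgeryProtection, the hash-shaped session and request objects, and the demo method are assumptions made for illustration. What it keeps from Rails is the idea: a random token lives in the user's session, every form carries it in a hidden authenticity_token field (JavaScript callers send it in the X-CSRF-Token header instead), GET/HEAD/OPTIONS requests are never checked, and any other request whose token is missing or differs from the session's copy is refused. A site that tricks a logged-in browser into submitting a form cannot read the victim's session token, so its request fails the check.

```ruby
require 'securerandom'

# Constructed model of Rails' forgery protection (not Rails code).
# session and request are plain hashes standing in for the real objects.
class ForgeryProtection
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze   # read-only verbs are not checked
  PARAM_NAME   = 'authenticity_token'          # hidden field name in forms
  HEADER_NAME  = 'X-CSRF-Token'                # header used by XHR/fetch calls

  # Return the session's token, generating one on first use (stored in the
  # session, like Rails does, not in the database).
  def self.token_for(session)
    session[:_csrf_token] ||= SecureRandom.urlsafe_base64(32)
  end

  # The hidden input a form helper would render for this session.
  def self.hidden_field(session)
    %(<input type="hidden" name="#{PARAM_NAME}" value="#{token_for(session)}">)
  end

  # request = { method: 'POST', params: {...}, headers: {...} }
  # Returns true when the request may proceed, false when it must be rejected.
  def self.verified?(session, request)
    return true if SAFE_METHODS.include?(request[:method].to_s.upcase)

    expected = session[:_csrf_token]
    return false if expected.nil?                 # no token issued yet: reject

    presented = request.fetch(:params, {})[PARAM_NAME] ||
                request.fetch(:headers, {})[HEADER_NAME]
    return false if presented.nil?

    secure_compare(presented.to_s, expected)
  end

  # Constant-time comparison so timing does not leak how many bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Walk through the legitimate and the forged case; returns [true, false].
  def self.demo
    session = {}
    hidden_field(session)                         # rendering the form issues the token
    legit  = { method: 'POST', params: { PARAM_NAME => session[:_csrf_token] }, headers: {} }
    forged = { method: 'POST', params: { 'comment' => 'posted by another site' }, headers: {} }
    [verified?(session, legit), verified?(session, forged)]
  end
end

puts ForgeryProtection.demo.inspect if $PROGRAM_NAME == __FILE__
```

In a real Rails app none of this is written by hand: protect_from_forgery installs the before_action, the form helpers emit the hidden field, and the with: option chooses what happens when the check fails (with: :exception raises an error, with: :null_session continues with an empty session).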