Implemented #csrf_meta_tags #1379

Merged
merged 1 commit into from Aug 20, 2013

dariocravero

  • Implemented #csrf_meta_tags. It complies with the Rails implementation
    and will generate two meta tags, one with the csrf-param your app is
    expecting and the other with the csrf-token. Fixes #1127 (Add csrf_meta_tags for javascript helpers) and #1251 (WARN - attack prevented by Rack::Protection::AuthenticityToken).
  • Added a csrf_param setting to allow you to tell what your CSRF token's
    field name should be when sent as a form parameter. It defaults to
    authenticity_token. rack-protection doesn't allow for that param to
    be set, so if you do so and want the middleware to work correctly you'll
    have to patch it or use your own validations for now - see this (sinatra/rack-protection#65).
  • Refactored and cleaned up the CSRF helpers' code base and some
    helpers' tests.


Ortuna commented Aug 20, 2013

A lot cleaner! Thanks @dariocravero.

Ortuna added a commit that referenced this pull request Aug 20, 2013
Ortuna merged commit 1bf047c into master Aug 20, 2013
Ortuna deleted the csrf-helpers-cleanup branch August 20, 2013 00:23
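
The two meta tags and the configurable parameter name described in this pull request, as an added Ruby sketch that is not Padrino's or rack-protection's code. The function names, the `:csrf` session key and the `X-CSRF-Token` header channel are assumptions made for the illustration; it shows why a validator has to read the same `csrf_param` the page was rendered with.

```ruby
require 'erb'
require 'securerandom'

# Hypothetical names for this illustration (not Padrino or rack-protection identifiers).
SESSION_KEY   = :csrf
DEFAULT_PARAM = 'authenticity_token'
SAFE_METHODS  = %w[GET HEAD OPTIONS TRACE].freeze

# Create the per-session token once and reuse it on later renders.
def csrf_token(session)
  session[SESSION_KEY] ||= SecureRandom.hex(32)
end

# Render the csrf-param and csrf-token meta tags. Both values are HTML-escaped,
# because the parameter name is an application setting and may contain quotes.
def csrf_meta_tags(session, csrf_param = DEFAULT_PARAM)
  { 'csrf-param' => csrf_param, 'csrf-token' => csrf_token(session) }.map do |name, value|
    %(<meta name="#{name}" content="#{ERB::Util.html_escape(value.to_s)}">)
  end.join("\n")
end

# Constant-time string comparison so a mismatch does not leak its position.
def secure_equal?(given, expected)
  return false unless given.is_a?(String) && given.bytesize == expected.bytesize
  given.bytes.zip(expected.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Validate an unsafe request: accept the token from the header a JavaScript
# client fills from the meta tag, or from the form field named by csrf_param.
# A check hard-coded to DEFAULT_PARAM rejects forms that use a custom name.
def csrf_valid?(method, session, params, headers, csrf_param = DEFAULT_PARAM)
  return true if SAFE_METHODS.include?(method.to_s.upcase)
  expected = session[SESSION_KEY]
  return false if expected.nil? || expected.empty?
  [headers['HTTP_X_CSRF_TOKEN'], params[csrf_param]].any? do |candidate|
    secure_equal?(candidate, expected)
  end
end
```
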