Plugin for the Padrino web framework which adds cross-site request forgery protection
Ruby
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
spec
vendor/assets
.gitignore
.rspec
.yardopts
Gemfile
LICENSE
README.md
Rakefile
padrino-csrf.gemspec

README.md

Similar functionallity added to Padrino. This gem will no longer be maintained.

Overview

Padrino CSRF is a plugin for the Padrino web framework which adds cross-site request forgery protection.

Setup & Installation

Include it in your project's Gemfile with Bundler:

gem 'padrino-csrf'

Modify your app/app.rb file to register the plugin:

class ExampleApplication < Padrino::Application
  register Padrino::CSRF
end

Configuration

prevent_request_forgery
When enabled, will automatically verify the CSRF authentication token on all post, put, and delete requests.

You can of course disable this on a request by request basis:

enable :prevent_request_forgery

post :register do
  # request is checked
end

post :register, protect: false do
  # request isn't checked
end

Or if you prefer, you can disable it by default, and enable it on a request by request basis:

disable :prevent_request_forgery

post :register do
  # request isn't checked
end

post :register, protect: true do
  # request is checked
end

Dependencies

TODO

  • Additional documentation
  • Tests

Copyright

Copyright � 2012 Benjamin Bloch (Cirex). See LICENSE for details.