Feature: introduce CSRF protection #986
e29b72c to 7618cf2
- I advise we take a look into the default ActionController implementation of CSRF,
`ActionController::RequestForgeryProtection`,
and either we use it or follow the same principle - https://medium.com/rubyinside/a-deep-dive-into-csrf-protection-in-rails-19fa0a42c0ef
7618cf2 to fbf7d8d
fbf7d8d to 1beed69
Looks good.
Just needs a rebase and some documentation of the param.
1beed69 to a225ef2
I would be in favor of having a test file for CSRF, and disabling it for the other test files.
a225ef2 to db7f2d7
db7f2d7 to ca75850
Simple and effective CSRF protection overview and protection principles https://www.linkedin.com/pulse/how-protect-your-app-from-csrf-artem-linetskyi by @alinetskyi