Authenticity token #1100

Merged
merged 7 commits into from Mar 13, 2013

Member

skade commented Mar 10, 2013

This implements #893 using a slightly modified version of rack-protection.

Please do not merge as long as the associated pull request is closed. If it is not accepted, the change can be cleanly ported by ourselves.


Member

nesquena commented Mar 10, 2013

OK great, thanks for putting this together. Nice to have an authenticity token built in.

skade added some commits Mar 10, 2013

Add csrf token handling
This adds csrf token handling based on a modified version of Rack::Protection.
Add a csrf_token_field helper for forms
The token field is automatically generated without user interaction

Member

skade commented Mar 13, 2013

I ported rack/protection#46 temporarily. It is now an extension in core, which should be removed once rhk releases the next rack-protection (this weekend).

skade added a commit that referenced this pull request Mar 13, 2013

Merge pull request #1100 from skade/authenticity_token
Add csrf protection through authenticity_token

@skade skade merged commit d7f719d into padrino:master Mar 13, 2013
