Similar functionality has been added to Padrino. This gem will no longer be maintained.
Padrino CSRF is a plugin for the Padrino web framework which adds cross-site request forgery protection.
Include it in your project's Gemfile with Bundler:

    gem 'padrino-csrf'

Modify your app/app.rb file to register the plugin:

    class ExampleApplication < Padrino::Application
      register Padrino::CSRF
    end

prevent_request_forgery
When enabled, it automatically verifies the CSRF authentication token on all post, put, and delete requests.
You can of course disable this on a request by request basis:

    enable :prevent_request_forgery

    post :register do
      # request is checked
    end

    post :register, protect: false do
      # request isn't checked
    end

Or if you prefer, you can disable it by default, and enable it on a request by request basis:

    disable :prevent_request_forgery

    post :register do
      # request isn't checked
    end

    post :register, protect: true do
      # request is checked
    end

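The decision described above (app-wide default, per-route `protect:` override, token check on post, put, and delete) can be modelled in plain Ruby. This is an added sketch, not the plugin's own code: the helper names, the `:csrf_token` session key, the `csrf_token` parameter name, the 403 status, and the rule that an explicit `protect:` value wins for any verb are all assumptions.

```ruby
require 'securerandom'

# Verbs the README says are verified when prevent_request_forgery is enabled.
UNSAFE_METHODS = %w[POST PUT DELETE].freeze

# Hypothetical helper: issue one random token per session and reuse it.
def csrf_token(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

# Constant-time comparison so response timing does not leak how many
# leading bytes of a guessed token were correct.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false if a.empty? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# A per-route protect: option wins when given; otherwise the app-wide
# setting applies to the unsafe verbs only.
def protected?(method, default_on, protect = nil)
  return protect unless protect.nil?
  default_on && UNSAFE_METHODS.include?(method.to_s.upcase)
end

# Returns 200 when the request may proceed, 403 when the token is missing
# or wrong (the status code is an assumption of this sketch).
def check_request(method:, session:, params:, default_on:, protect: nil)
  return 200 unless protected?(method, default_on, protect)
  secure_compare(session[:csrf_token], params['csrf_token']) ? 200 : 403
end

# Constructed sample requests.
session = {}
token = csrf_token(session)
puts check_request(method: 'POST', session: session, params: { 'csrf_token' => token }, default_on: true)
puts check_request(method: 'POST', session: session, params: {}, default_on: true)
puts check_request(method: 'POST', session: session, params: {}, default_on: true, protect: false)
```

A route declared with `protect: false` accepts the request with no token at all, so such routes should be limited to endpoints that change no state for the logged-in user.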
- Padrino-Core and Padrino-Helpers
- Ruby >= 1.9.2
- Additional documentation
- Tests
Copyright © 2012 Benjamin Bloch (Cirex). See LICENSE for details.