Project

angular_csrf

0.01
No commit activity in last 3 years
No release in over 3 years
angular_csrfnakhli/angular_csrfHomepageDocumentationSource CodeBug TrackerWiki
Extends Rails CSRF protection to play nicely with AngularJS.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
34,405
Stars
17
Forks
0
Watchers
5
 Releases
Current version
0.1.6
Total releases
6
First release
2014-11-10
Latest release
2016-09-18
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
4
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-05-20
Reverse Dependencies
0

 Dependencies

Development

rspec
~> 3.1
rspec-rails
~> 3.1

Runtime

rails
>= 3.1
 Project Readme

angular_csrf

Extends Rails CSRF protection to play nicely with AngularJS.

Build Status security Code Climate Dependency Status Gem Version

Once installed, angular_csrf just works: No need to change or configure neither the AngularJS javascript code nor the Rails application.

CSRF is an exploit that allows malicious websites to do unauthorized actions on a website that trusts the user. The angular_csrf gem extends the CSRF protection in Rails to match the naming convention used in AngularJS for the HTTP header and cookie token names (see Cookie-to-Header Token CSRF protection strategy for more details).

angular_csrf has a very small footprint and has only the rails gem as dependency.

Getting Started

  1. Add the following line to your Gemfile:
gem 'angular_csrf'

Run the bundle command to install it.

bundle install
  1. Run the angular_csrf generator:
rails generate angular_csrf

The generator will install an initializer initializers/angular_csrf.rb which takes care of extending the application controllers to handle the expected AngularJS CSRF protection data. 3. You are done! Your app CSRF protection now plays nicely with AngularJS.

How it works

AngularJS deals with CSRF protection as follows:

  • Reads the CSRF protection token form a cookie, by default XSRF-TOKEN
  • Sends back the CSRF token as a http header, by default: X-XSRF-TOKEN

angular_csrf makes the Rails application or API set the expected cookie token and read and validate the http header sent by AngularJS. angular_csrf installs a Rails initializer that extends the application controllers to perform these tasks.

License

Licensed under the MIT License.

Copyright Chaker Nakhli.