Similar functionallity added to Padrino. This gem will no longer be maintained.
Overview
Padrino CSRF is a plugin for the Padrino web framework which adds cross-site request forgery protection.
Setup & Installation
Include it in your project's Gemfile
with Bundler:
gem 'padrino-csrf'
Modify your app/app.rb
file to register the plugin:
class ExampleApplication < Padrino::Application
register Padrino::CSRF
end
Configuration
prevent_request_forgery
When enabled, will automatically verify the CSRF authentication token on all post
, put
, and delete
requests.
You can of course disable this on a request by request basis:
enable :prevent_request_forgery
post :register do
# request is checked
end
post :register, protect: false do
# request isn't checked
end
Or if you prefer, you can disable it by default, and enable it on a request by request basis:
disable :prevent_request_forgery
post :register do
# request isn't checked
end
post :register, protect: true do
# request is checked
end
Dependencies
- Padrino-Core and Padrino-Helpers
- Ruby >= 1.9.2
TODO
- Additional documentation
- Tests
Copyright
Copyright � 2012 Benjamin Bloch (Cirex). See LICENSE for details.