How can I prevent CSRF in Ruby on Rails programming ? Is it possible to avoid overload on the application loading on net ?
Asked
Active
Viewed 1,471 times
1 Answers
2
Ruby on Rails basically makes use of a Security Token, which if also a recommended way of preventing CSFR attacks, to prevent CSRF attacks.
You must include a security token using: protect_from_forgery in your requests and MUST verify it on the server. This will automatically include a security token in all forms and Ajax requests generated by Rails. If the security token doesn't match what was expected, the session will be reset.
Source: Ruby on Rails Security Guide.
Rahil Arora
- 4,357
- 2
- 25
- 42