rack-csrf-detector

Rails only protects you against CSRFs if you use GET and POST correctly. This middleware helps you identify when a GET request results in an application state-change.

How It Works

rack-csrf-detector monkey-patches ActiveRecord to identify GET requests that cause a database commit. A CRSF-WARNING header is added to responses when this is detected. An accompanying chrome extension is available to alert when the header is present.

Usage

Add the following to your Gemfile

gem 'rack-csrf-detector', :require => 'rack/csrf_detector'

And include the middleware in your development.rb

config.middleware.use "Rack::CsrfDetector" do
  use Rack::CsrfDetector::ActiveRecordInstrument
  use Rack::CsrfDetector::SidekiqInstrument
end

Note: Do not run this in production.

You can also install the chrome extension:

More Tools | Extensions | Developer mode | Load Unpacked extension...

And select the chrome-extension folder in this repo.

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
chrome-extension		chrome-extension
lib/rack		lib/rack
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
rack-csrf-detector.gemspec		rack-csrf-detector.gemspec

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

rack-csrf-detector

How It Works

Usage

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

tam7t/rack-csrf-detector

Folders and files

Latest commit

History

Repository files navigation

rack-csrf-detector

How It Works

Usage

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages