Remote Forgery protection plugin

Plugin details

Remote Forgery Protection is a Rails plugin that automatically adds the authenticity token to Ajax requests.

Rails protects controller actions from CSRF (Cross-Site Request Forgery) attacks with a token based on a random string stored in the session. The token parameter is named authenticity_token by default and will be embedded in all forms and Ajax requests generated by Rails.

What about hand-coded Ajax requests? You can manually add the authenticity_token parameter to every Ajax request, or you can let the Remote Forgery Protection plugin do it for you.

Supported JavaScript libraries: Prototype, jQuery and ExtJS (let me know if you would like to see it working with some other library).

Website: http://github.com/vlado/remote_forgery_protection
Repository: git://github.com/vlado/remote_forgery_protection.git
Author: Vlado Cingel
Tags: extjs, jQuery, Prototype, authenticity_token, token, AJAX, protection, forgery
License: Ruby's (MIT)

Documentation

Install the plugin:
ruby script/plugin install git://github.com/vlado/remote_forgery_protection.git

Just add this line in your head section

<%= remote_forgery_protection %>

and all future non-GET Ajax requests will automatically send the authenticity_token parameter. You will also have a global variable, _token, to use anywhere in your scripts.
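For hand-coded requests that do not go through one of the supported libraries, the same rule can be applied by hand. The following is an added example, not the plugin's own code: the function names and the sample token are assumptions, and it shows why the token must be URL-encoded before it is appended to a form-encoded body.

```javascript
// Added example: helper names are hypothetical, not the plugin's API.
// Parameter name Rails checks by default (see the description above).
const TOKEN_PARAM = "authenticity_token";

// Serialize a flat object as application/x-www-form-urlencoded.
function encodeForm(params) {
  return Object.keys(params)
    .map((k) => encodeURIComponent(k) + "=" + encodeURIComponent(params[k]))
    .join("&");
}

// True when a form-encoded body already carries the token parameter.
function hasToken(body) {
  return body.split("&").some((pair) => pair.split("=")[0] === TOKEN_PARAM);
}

// Return the body to send for the given HTTP method.
// GET requests are returned unchanged; every other method gets the token.
function withAuthenticityToken(method, body, token) {
  const encoded = typeof body === "string" ? body : encodeForm(body || {});
  if (String(method).toUpperCase() === "GET") return encoded;
  if (encoded && hasToken(encoded)) return encoded; // do not send it twice
  // Rails tokens are Base64 strings. A raw "+" in a form-encoded body is
  // decoded by the server as a space, so the token would no longer match
  // the one in the session and the request would be rejected.
  const pair = TOKEN_PARAM + "=" + encodeURIComponent(token);
  return encoded ? encoded + "&" + pair : pair;
}

// Constructed sample token (not a real session value); in a page using the
// plugin, the value would come from the global _token variable.
const SAMPLE_TOKEN = "aB+c/dE=";

console.log(withAuthenticityToken("POST", { title: "hello world" }, SAMPLE_TOKEN));
console.log(withAuthenticityToken("GET", "q=rails", SAMPLE_TOKEN));
```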

Further Documentation

There is currently no advanced documentation for this plugin.

Last edited by: vlado, 7 months ago