Project

rack-csrf-detector

0.0
No commit activity in last 3 years
No release in over 3 years
rack-csrf-detectortam7t/rack-csrf-detectorHomepageDocumentationSource CodeBug TrackerWiki
This middleware helps you identify when a GET request results in an application state-change
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
7,760
Stars
2
Forks
0
Watchers
1
 Releases
Current version
0.2.1
Total releases
3
First release
2015-07-04
Latest release
2015-07-06
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
5
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-07-06
Reverse Dependencies
0

 Dependencies
 Project Readme

rack-csrf-detector

Rails only protects you against CSRFs if you use GET and POST correctly. This middleware helps you identify when a GET request results in an application state-change.

How It Works

rack-csrf-detector monkey-patches ActiveRecord to identify GET requests that cause a database commit. A CRSF-WARNING header is added to responses when this is detected. An accompanying chrome extension is available to alert when the header is present.

Usage

Add the following to your Gemfile

gem 'rack-csrf-detector', :require => 'rack/csrf_detector'

And include the middleware in your development.rb

config.middleware.use "Rack::CsrfDetector" do
  use Rack::CsrfDetector::ActiveRecordInstrument
  use Rack::CsrfDetector::SidekiqInstrument
end

Note: Do not run this in production.

You can also install the chrome extension:

More Tools | Extensions | Developer mode | Load Unpacked extension...

And select the chrome-extension folder in this repo.