Project

rails3_csrf_patcher

0.0
No commit activity in last 3 years
No release in over 3 years
rails3_csrf_patchermaximabramchuck/rails3_csrf_patcherHomepageDocumentationSource CodeBug TrackerWiki
Patch your rails app due to protect from the CSRF vulnerability.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
3,266
Stars
6
Forks
0
Watchers
1
 Releases
Current version
0.0.1
Total releases
1
First release
2015-03-23
Latest release
2015-03-23
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-05-23
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.6
rake
>= 0
 Project Readme

Rails 3 Csrf Patcher

There are many other possibilities, like using a <script> tag to make a cross-site request to a URL with a JSONP or JavaScript response. The response is executable code that the attacker can find a way to run, possibly extracting sensitive data. To protect against this data leakage, we disallow cross-site <script> tags. Only Ajax requests may have JavaScript responses since XmlHttpRequest is subject to the browser Same-Origin policy - meaning only your site can initiate the request.

So, this gem just extend cross-site request forgery (CSRF) protection to GET requests with JavaScript responses, protecting apps from cross-origin <script> tags.

I've took all the code from here rails/rails#13345

Installation

Add this line to your application's Gemfile:

gem 'rails3_csrf_patcher'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rails3_csrf_patcher

Contributing

  1. Fork it ( https://github.com/[my-github-username]/rails3_csrf_patcher/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request