Rails CSRF protection: is it correct to write a before_filter?


My application controller looks like this:

class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :check_csrf

  protected

  # a redirect inside a before_filter halts the chain, so the action never runs
  # for an unverified request; the filter is protected so it cannot be routed to
  def check_csrf
    unless verified_request?
      # redirect_to takes :notice, :alert or :flash; a bare :error key is ignored
      redirect_to root_url, :flash => { :error => "forgery protection" }
    end
  end
end

Without check_csrf, Rails writes a warning to the server console on bad requests, then execution continues as usual. So I had to write my own check_csrf. Now it works fine. Is it correct? Is there a simpler way to stop execution of a bad request?

Rails version: 3.1.

Answer by Michał Simka (accepted answer):

I think you should override handle_unverified_request.

Something like this:

class ApplicationController < ActionController::Base
  protect_from_forgery

  protected
    # called by verify_authenticity_token when verified_request? is false;
    # redirecting here performs the response, so the filter chain halts
    def handle_unverified_request
      # redirect_to takes :notice, :alert or :flash; a bare :error key is ignored
      redirect_to root_url, :flash => { :error => "forgery protection" }
    end
end
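To make the mechanics behind both snippets concrete without a Rails installation, here is an added, self-contained Ruby example (not code from the question or the answer). It re-creates the shape of `protect_from_forgery`: safe methods (GET/HEAD) pass, any other method must present the session's token via the `authenticity_token` parameter or the `X-CSRF-Token` header, tokens are compared in constant time, and an overridden `handle_unverified_request` redirects, which performs the response so the action body is skipped. `Request`, `DemoController`, `ForgeryProtection` and `run` are constructed stand-ins for the Rails objects, and the token/header names mirror Rails' defaults.

```ruby
require "securerandom"

# Constructed stand-in for a Rack/Rails request: verb, params hash, headers hash.
Request = Struct.new(:http_method, :params, :headers)

# Mirrors the shape of Rails' RequestForgeryProtection module.
module ForgeryProtection
  SAFE_METHODS = %w[GET HEAD].freeze

  # Constant-time comparison so a mismatch does not leak where the strings differ.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Per-session token, generated on first use and embedded in forms.
  def form_authenticity_token
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Same rule Rails applies: safe verbs pass; everything else must carry the session token.
  def verified_request?
    return true if SAFE_METHODS.include?(request.http_method)
    submitted = request.params["authenticity_token"] || request.headers["X-CSRF-Token"]
    ForgeryProtection.secure_compare(submitted, form_authenticity_token)
  end

  # The before filter protect_from_forgery installs.
  def verify_authenticity_token
    handle_unverified_request unless verified_request?
  end
end

class DemoController
  include ForgeryProtection
  attr_reader :request, :session, :response

  def initialize(request, session)
    @request = request
    @session = session
    @response = nil
  end

  # Rails halts the filter chain once a filter has rendered or redirected.
  def performed?
    !@response.nil?
  end

  def redirect_to(location, options = {})
    @response = { status: 302, location: location, flash: options[:flash] || {} }
  end

  # The override from the accepted answer: redirect instead of Rails' default handling.
  def handle_unverified_request
    redirect_to "/", flash: { error: "forgery protection" }
  end

  # The state-changing action that must never run on an unverified request.
  def action_body
    @response = { status: 200, body: "updated" }
  end

  # Minimal filter chain: before filter, then the action only if nothing was performed.
  def process
    verify_authenticity_token
    action_body unless performed?
    @response
  end
end

# Helper: dispatch one request against an existing session and return the response hash.
def run(http_method, params: {}, headers: {}, session: {})
  DemoController.new(Request.new(http_method, params, headers), session).process
end
```

Running `run("POST", params: { "authenticity_token" => "wrong" }, session: s)` returns a 302 with the flash error and never reaches `action_body`, while the same request carrying the token from `form_authenticity_token` (as a param or as the `X-CSRF-Token` header) returns 200.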