This extension is part of the Rack::Protection project. Run gem install rack-protection to have it available.
- Prevented attack: CSRF
- Supported browsers: Google Chrome 2, Safari 4 and later
- More infos: http://en.wikipedia.org/wiki/Cross-site_request_forgery, http://tools.ietf.org/html/draft-abarth-origin
Does not accept unsafe HTTP requests when value of Origin HTTP request header does not match default or permitted URIs.
If you want to permit specific origins (full `scheme://host[:port]` values, not bare domain names), pass them in as the `:permitted_origins` option:

    use Rack::Protection, permitted_origins: ["http://localhost:3000", "http://127.0.0.1:3000"]

The `:allow_if` option can also be set to a proc to use custom allow/deny logic.
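To make the decision rule concrete, the following is an added, self-contained re-implementation of the Origin comparison described above. It is not the rack-protection gem's own code and needs no gems installed; it only assumes the shape of a Rack env hash (`REQUEST_METHOD`, `rack.url_scheme`, `HTTP_HOST`, `SERVER_PORT`, `HTTP_ORIGIN`). The class name `OriginCheck`, the helper `sample_env`, the host `example.test` and the ordering that consults `allow_if` before the Origin comparison are assumptions made for this example.

```ruby
require 'uri'

# Added example: a stand-alone model of the check Rack::Protection::HttpOrigin performs.
# Not the gem's code; it exists so permitted_origins and allow_if can be exercised offline.
class OriginCheck
  # Methods that are not state-changing are let through without inspecting Origin.
  SAFE_METHODS  = %w[GET HEAD OPTIONS TRACE].freeze
  DEFAULT_PORTS = { 'http' => 80, 'https' => 443 }.freeze

  # permitted_origins: extra "scheme://host[:port]" strings accepted besides the site's own origin.
  # allow_if: optional proc receiving the Rack env; a truthy result accepts the request
  # (assumed here to be consulted before the Origin comparison).
  def initialize(permitted_origins: [], allow_if: nil)
    @permitted = Array(permitted_origins)
    @allow_if  = allow_if
  end

  # true => hand the request to the app; false => reject it (the middleware answers 403).
  def accepts?(env)
    return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
    return true if @allow_if && @allow_if.call(env)

    origin = env['HTTP_ORIGIN']
    return true if origin.nil?               # no Origin header: nothing to compare against
    return true if origin == base_url(env)   # request originates from this very site
    @permitted.include?(origin)              # or from an explicitly permitted origin
  end

  private

  # Rebuild "scheme://host[:port]" for the server, omitting the scheme's default port,
  # mirroring what Rack::Request#base_url yields.
  def base_url(env)
    scheme = env['rack.url_scheme']
    host   = env['HTTP_HOST'] || env['SERVER_NAME']
    port   = (env['SERVER_PORT'] || DEFAULT_PORTS[scheme]).to_i
    port_part = host.include?(':') || port == DEFAULT_PORTS[scheme] ? '' : ":#{port}"
    "#{scheme}://#{host}#{port_part}"
  end
end

# Constructed sample request: an HTTPS site example.test receiving a request with the given Origin.
def sample_env(origin:, method: 'POST', extra: {})
  env = {
    'REQUEST_METHOD'  => method,
    'rack.url_scheme' => 'https',
    'HTTP_HOST'       => 'example.test',
    'SERVER_PORT'     => '443'
  }
  env['HTTP_ORIGIN'] = origin if origin
  env.merge(extra)
end

if $PROGRAM_NAME == __FILE__
  check = OriginCheck.new(permitted_origins: ['http://localhost:3000', 'http://127.0.0.1:3000'])
  puts "same origin POST:      #{check.accepts?(sample_env(origin: 'https://example.test'))}"   # true
  puts "permitted dev origin:  #{check.accepts?(sample_env(origin: 'http://localhost:3000'))}"  # true
  puts "foreign origin POST:   #{check.accepts?(sample_env(origin: 'https://other.test'))}"     # false
  puts "foreign origin GET:    #{check.accepts?(sample_env(origin: 'https://other.test', method: 'GET'))}" # true
end
```

The `allow_if` proc is the escape hatch for cases the static list cannot express, for example trusting requests that carry an internal marker header; anything it does not explicitly accept still falls through to the normal Origin comparison, so a permissive proc widens, never narrows, what the list already allows.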