'protect_from_forgery' in Application controller in Rails

ruby-on-rails applicationcontroller
Rajesh Omanakuttan picture Rajesh Omanakuttan · Dec 13, 2012 · Viewed 10.8k times · Source

In the config/application_controller.rb file in my Rails application directory, I found the code below:

class ApplicationController < ActionController::Base
  protect_from_forgery
end

Can any one tell me what project_from_forgery means and why it is being used?

Answer

Pavel S picture Pavel S · Dec 13, 2012

It protects from csrf. e.g. all POST requests should have specific security token.

http://en.wikipedia.org/wiki/Cross-site_request_forgery

http://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf

Related questions

"undefined method" when calling helper method from controller in Rails

Does anyone know why I get undefined method `my_method' for #<MyController:0x1043a7410> when I call my_method("string") from within my ApplicationController subclass? My controller looks like class MyController < ApplicationController def show @value = my_method(…

Read More
How to set cookies in ApplicationController?

I need to set cookies in my ApplicationController but I'm not sure how. I've tried using cookies - nothing, using ActionController::Cookies - nothing. I don't need anything more then setting and getting cookies but what I do need is …

Read More
How do you route an action to the application controller in Rails 3?

I am using the gem rails3-jquery-autocomplete and had no problems with it, however I have now moved my autocomplete form into the application template and therefore the ajax calls are now being dealt by the application controller, so my …

Read More