CSRF Vulnerability - Rails 3.2.9

Question

CSRF Vulnerability - Rails 3.2.9

I am using rails 3.2.9 in webrick. My site seems to be vulnerable to CSRF. I already added <% = csrf_meta_tags%> to the layout file. And added Protect_from_forgery in my application controller.

but when I try to make a request to submit from a form in another domain, this is possible. My site still seems vulnerable to CSRF ..

I am amazed, I wonder how to proceed! Pls help me

+4

security ruby ruby-on-rails-3.2

Mithun arunan May 18, '16 at 10:30

source share

No one has answered this question yet.

See related questions:

1023

How to get current absolute url in Ruby on Rails?

941

Understanding Rails Authentication Identifier

876

Brief Explanation nil v. Empty v. Blank in Ruby on Rails

213

Why is it so often to put CSRF tokens in cookies?

188

How serious is this new ASP.NET security vulnerability and how can it be circumvented?

186

Rails 4 Authenticity

63

CSRF protection with CORS Origin header vs CSRF token

eleven

Is CSRF protection unsafe by default Rails?

2

CSRF protection on static pages

1

csrf rails marker runtime

CSRF Vulnerability - Rails 3.2.9

More articles: