Security Extensions plugin

Plugin details

A set of security extensions for preventing CSRF

Repository: http://svn.aviditybytes.com/rails/plugins/security_extensions
Author: Avidity Bytes
Tags: Security
License: MIT

Documentation

Install the plugin:

  ruby script/plugin install http://svn.aviditybytes.com/rails/plugins/security_extensions

Example
===========

The following example ensures that every form POST in an application carries the security token (rejecting requests that lack a valid one) and that the UserController#logout action can only be reached by POST.

/app/controllers/application.rb:

  class ApplicationController < ActionController::Base
    verify_form_posts_have_security_token
    ...
  end


/app/controllers/user_controller.rb:

  class UserController < ApplicationController
    verify_post :only => :logout
    ...
  end


/app/views/layouts/application.rhtml:

  <%# secure_form_tag opens the form and adds the hidden security token; close the form as usual %>
  <%= secure_form_tag :action => 'logout' %>
    <%= submit_tag 'Logout' %>
  </form>


/test/functional/user_controller_test.rb:

  require File.dirname(__FILE__) + '/../test_helper'
  require 'user_controller'

  # Re-raise errors caught by the controller so failures surface in the test.
  class UserController; def rescue_action(e) raise e end; end

  class UserControllerTest < Test::Unit::TestCase
    def setup
      @controller = UserController.new
      @request    = ActionController::TestRequest.new
      @response   = ActionController::TestResponse.new
    end

    # The layout renders exactly one form carrying the security token.
    def test_should_contain_a_secure_form
      get :index
      assert_number_of_secure_forms 1
    end

    # A POST without the token is rejected, not silently processed.
    def test_should_require_secure_post
      post_without_security :logout
      assert_response 403
    end

    # verify_post :only => :logout turns a GET into a 403.
    def test_should_require_post
      get :logout
      assert_response 403
    end

    # A well-formed POST (token included by the test helper) succeeds.
    def test_should_redirect_to_login_on_logout
      post :logout
      assert_redirected_to :action => 'login'
    end
  end
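To show what the two guards in the example above actually enforce, here is an added, framework-free Ruby model of the mechanism: a per-session token derived from a server secret, a hidden field carrying it (the role of secure_form_tag), a counter for forms that carry it (the role of assert_number_of_secure_forms), and a request guard that returns 403 for non-POST requests or for POSTs whose token is missing or belongs to another session. This is illustrative code written for this page, not the plugin's own implementation; the parameter name, the HMAC derivation and the constructed secret and session ids are assumptions.

```ruby
# Added example: a minimal model of the checks that verify_post and
# verify_form_posts_have_security_token perform. Not the plugin's code.
require 'openssl'

module SecurityExtensionsDemo
  TOKEN_PARAM   = 'security_token'                      # assumed parameter name
  SERVER_SECRET = 'constructed-server-secret-for-demo'  # constructed; load from config in real use

  # Derive the form token from the session id. An attacker who cannot read the
  # victim's session cannot compute it, which is the property CSRF defence needs.
  def self.token_for(session_id)
    OpenSSL::HMAC.hexdigest('SHA256', SERVER_SECRET, session_id.to_s)
  end

  # Constant-time comparison so response timing does not leak token prefixes.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) } == 0
  end

  # Role of secure_form_tag: a POST form carrying the hidden token.
  def self.secure_form_html(session_id, action)
    "<form action=\"#{action}\" method=\"post\">" \
      "<input type=\"hidden\" name=\"#{TOKEN_PARAM}\" value=\"#{token_for(session_id)}\" />" \
      "</form>"
  end

  # Role of assert_number_of_secure_forms: count forms that carry the token field.
  def self.count_secure_forms(html)
    html.scan(/<form\b[^>]*>.*?<\/form>/m).count { |f| f.include?("name=\"#{TOKEN_PARAM}\"") }
  end

  # The guard: returns the HTTP status a request would receive.
  # request = { :method => 'POST', :session_id => '...', :params => { 'security_token' => '...' } }
  # require_post models verify_post; the token check models verify_form_posts_have_security_token.
  def self.guard(request, require_post = true)
    return 403 if require_post && request[:method] != 'POST'
    if request[:method] == 'POST'
      expected = token_for(request[:session_id])
      given    = request[:params][TOKEN_PARAM]
      return 403 unless secure_compare(expected, given)
    end
    200
  end
end

if __FILE__ == $0
  sid  = 'constructed-session-id'
  html = SecurityExtensionsDemo.secure_form_html(sid, '/user/logout')
  puts "secure forms rendered: #{SecurityExtensionsDemo.count_secure_forms(html)}"
  ok   = { :method => 'POST', :session_id => sid, :params => { 'security_token' => SecurityExtensionsDemo.token_for(sid) } }
  puts "valid POST   -> #{SecurityExtensionsDemo.guard(ok)}"
  puts "GET          -> #{SecurityExtensionsDemo.guard(ok.merge(:method => 'GET'))}"
  puts "POST no token-> #{SecurityExtensionsDemo.guard(ok.merge(:params => {}))}"
end
```

The last guard case in the test below is the one worth noticing: a token that is valid for the attacker's own session is rejected when presented with the victim's session, because the token is bound to the session id rather than being a global value.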

Further Documentation

There is currently no advanced documentation for this plugin.

Last edited by: hardway, 7 months ago