cacheable-csrf-token-rails 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +11 -0
- data/lib/cacheable-csrf-token-rails.rb +45 -0
- metadata +66 -0
data/README.md
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Cacheable CSRF Token for Rails
|
|
2
|
+
|
|
3
|
+
### Cache HTML containing CSRF protection tokens without worrying
|
|
4
|
+
|
|
5
|
+
CacheableCSRFToken allows you to easily cache Ruby on Rails pages or partials containing a CSRF protection token. The user-specific token will inserted in the HTML before the response is sent to the user.
|
|
6
|
+
|
|
7
|
+
#### Usage
|
|
8
|
+
|
|
9
|
+
1. Add `cacheable-csrf-rails` to your Gemfile
|
|
10
|
+
2. Add this line in ApplicationController:
|
|
11
|
+
`include CacheableCSRFTokenRails`
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# Inspired from http://www.jarrodspillers.com/2010/02/06/trying-to-use-rails-csrf-protection-on-cached-actions-rack-middleware-to-the-rescue/ and https://gist.github.com/1124982/632f1fcbe0981424128b3088ddb27a322c369cc1
|
|
2
|
+
|
|
3
|
+
module CacheableCSRFTokenRails
|
|
4
|
+
def self.included(base)
|
|
5
|
+
|
|
6
|
+
ApplicationController.const_set "TOKEN_PLACEHOLDER", "__CROSS_SITE_REQUEST_FORGERY_PROTECTION_TOKEN__"
|
|
7
|
+
base.class_eval do
|
|
8
|
+
after_filter :inject_csrf_token
|
|
9
|
+
|
|
10
|
+
private
|
|
11
|
+
def inject_csrf_token
|
|
12
|
+
if protect_against_forgery? && token = session['_csrf_token']
|
|
13
|
+
if body_with_token = response.body.gsub!(ApplicationController::TOKEN_PLACEHOLDER, token)
|
|
14
|
+
response.body = body_with_token
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
ActionView::Helpers::FormTagHelper.class_eval do
|
|
21
|
+
alias_method :token_tag_rails, :token_tag
|
|
22
|
+
|
|
23
|
+
def token_tag(token=nil)
|
|
24
|
+
if token != false && protect_against_forgery?
|
|
25
|
+
token ||= form_authenticity_token
|
|
26
|
+
tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => ApplicationController::TOKEN_PLACEHOLDER)
|
|
27
|
+
else
|
|
28
|
+
''
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
ActionView::Helpers::CsrfHelper.class_eval do
|
|
34
|
+
def csrf_meta_tags
|
|
35
|
+
if protect_against_forgery?
|
|
36
|
+
[
|
|
37
|
+
tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
|
|
38
|
+
tag('meta', :name => 'csrf-token', :content => ApplicationController::TOKEN_PLACEHOLDER)
|
|
39
|
+
].join("\n").html_safe
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end # included
|
|
45
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: cacheable-csrf-token-rails
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
prerelease:
|
|
6
|
+
platform: ruby
|
|
7
|
+
authors:
|
|
8
|
+
- Carl Mercier
|
|
9
|
+
autorequire:
|
|
10
|
+
bindir: bin
|
|
11
|
+
cert_chain: []
|
|
12
|
+
date: 2012-09-13 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: rails
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: 3.2.5
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
26
|
+
requirements:
|
|
27
|
+
- - ! '>='
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: 3.2.5
|
|
30
|
+
description: CacheableCSRFToken allows you to easily cache Ruby on Rails pages or
|
|
31
|
+
partials containing a CSRF protection token. The user-specific token will inserted
|
|
32
|
+
in the HTML before the response is sent to the user.
|
|
33
|
+
email:
|
|
34
|
+
- carl@carlmercier.com
|
|
35
|
+
executables: []
|
|
36
|
+
extensions: []
|
|
37
|
+
extra_rdoc_files: []
|
|
38
|
+
files:
|
|
39
|
+
- README.md
|
|
40
|
+
- lib/cacheable-csrf-token-rails.rb
|
|
41
|
+
homepage: http://github.com/cmer/cacheable-csrf-token-rails
|
|
42
|
+
licenses: []
|
|
43
|
+
post_install_message:
|
|
44
|
+
rdoc_options: []
|
|
45
|
+
require_paths:
|
|
46
|
+
- lib
|
|
47
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
48
|
+
none: false
|
|
49
|
+
requirements:
|
|
50
|
+
- - ! '>='
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: '0'
|
|
53
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
54
|
+
none: false
|
|
55
|
+
requirements:
|
|
56
|
+
- - ! '>='
|
|
57
|
+
- !ruby/object:Gem::Version
|
|
58
|
+
version: '0'
|
|
59
|
+
requirements: []
|
|
60
|
+
rubyforge_project:
|
|
61
|
+
rubygems_version: 1.8.23
|
|
62
|
+
signing_key:
|
|
63
|
+
specification_version: 3
|
|
64
|
+
summary: Cache HTML containing CSRF protection tokens without worrying
|
|
65
|
+
test_files: []
|
|
66
|
+
has_rdoc:
|