cacheable-csrf-token-rails 0.1.0

data/README.md

@@ -0,0 +1,11 @@
+# Cacheable CSRF Token for Rails
+
+### Cache HTML containing CSRF protection tokens without worrying
+
+CacheableCSRFToken allows you to easily cache Ruby on Rails pages or partials containing a CSRF protection token. The user-specific token will inserted in the HTML before the response is sent to the user.
+
+#### Usage
+
+1. Add `cacheable-csrf-rails` to your Gemfile
+2. Add this line in ApplicationController:
+    `include CacheableCSRFTokenRails`

data/lib/cacheable-csrf-token-rails.rb

@@ -0,0 +1,45 @@
+# Inspired from http://www.jarrodspillers.com/2010/02/06/trying-to-use-rails-csrf-protection-on-cached-actions-rack-middleware-to-the-rescue/ and https://gist.github.com/1124982/632f1fcbe0981424128b3088ddb27a322c369cc1
+
+module CacheableCSRFTokenRails
+  def self.included(base)
+
+    ApplicationController.const_set "TOKEN_PLACEHOLDER", "__CROSS_SITE_REQUEST_FORGERY_PROTECTION_TOKEN__"
+    base.class_eval do
+      after_filter  :inject_csrf_token
+
+      private
+      def inject_csrf_token
+        if protect_against_forgery? && token = session['_csrf_token']
+          if body_with_token = response.body.gsub!(ApplicationController::TOKEN_PLACEHOLDER, token)
+            response.body = body_with_token
+          end
+        end
+      end
+    end
+
+    ActionView::Helpers::FormTagHelper.class_eval do
+      alias_method :token_tag_rails, :token_tag
+
+      def token_tag(token=nil)
+        if token != false && protect_against_forgery?
+          token ||= form_authenticity_token
+          tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => ApplicationController::TOKEN_PLACEHOLDER)
+        else
+          ''
+        end
+      end
+    end
+
+    ActionView::Helpers::CsrfHelper.class_eval do
+      def csrf_meta_tags
+        if protect_against_forgery?
+          [
+            tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
+            tag('meta', :name => 'csrf-token', :content => ApplicationController::TOKEN_PLACEHOLDER)
+          ].join("\n").html_safe
+        end
+      end
+    end
+
+  end # included
+end

metadata

@@ -0,0 +1,66 @@
+--- !ruby/object:Gem::Specification
+name: cacheable-csrf-token-rails
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Carl Mercier
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.5
+description: CacheableCSRFToken allows you to easily cache Ruby on Rails pages or
+  partials containing a CSRF protection token. The user-specific token will inserted
+  in the HTML before the response is sent to the user.
+email:
+- carl@carlmercier.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/cacheable-csrf-token-rails.rb
+homepage: http://github.com/cmer/cacheable-csrf-token-rails
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Cache HTML containing CSRF protection tokens without worrying
+test_files: []
+has_rdoc: