Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
checkthis2016-04-04 16:32:25
Ruby on Rails
checkthis, 2016-04-04 16:32:25

Preventing CSRF with protect_from_forgery?

Good afternoon, in the ApplicationController, from which all other controllers in my application are inherited, I did:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :null_session

 ...
end

Instead of:
protect_from_forgery with: :exception
Running brakeman to find out how many security bugs my application saw, he recommends using:
protect_from_forgery with: :exception
Question: How can protect_from_forgery with: :null_session harm web application security? I read the documentation, tried to perform a CSRF attack manually, I failed, instead of an exceptional situation, I find myself on the main page of my application, and the action on which I attacked did not execute.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
P
Ph-s2017-02-19 00:32:28
How to run a job from a queue, put there from another application? 1Reply
S
Stergy2019-07-18 17:52:57
How to add only unique values ​​in a PostgreSQL query? 2Reply
A
Andrey2019-07-22 12:45:08
How to implement remote: true for react (rails)? 0Reply
S
Semyon Semyonov2015-02-21 21:19:33
How to properly cache rarely changed data? 4Reply
G
GrizZzly2015-02-22 13:31:19
Rails, what is the correct way to get data from multiple clients and display it? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question