Ruby on Rails
checkthis, 2016-04-04 16:32:25

Preventing CSRF with protect_from_forgery?

Good afternoon. In the ApplicationController, from which all other controllers in my application inherit, I did:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :null_session

 ...
end

Instead of:
protect_from_forgery with: :exception
When I run brakeman to find out how many security bugs my application has, it recommends using:
protect_from_forgery with: :exception
Question: How can protect_from_forgery with: :null_session harm web application security? I read the documentation and tried to perform a CSRF attack manually, but I failed: instead of an exception, I end up on the main page of my application, and the action I attacked did not execute.
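
Added example, not Rails' own code and not from the post: a simplified Ruby model of what the two strategies do when token verification fails. The Request struct, the action names and the token values are assumptions made for the illustration.

```ruby
# Added illustration (not Rails' own implementation): a simplified model of
# protect_from_forgery under :exception versus :null_session.
class InvalidAuthenticityToken < StandardError; end

Request = Struct.new(:verb, :params, :session, keyword_init: true)

# Constant-time comparison so the token check does not leak timing information.
def secure_compare(a, b)
  return false unless a && b && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Non-GET requests must carry the token that is stored in the session.
def verified?(req)
  return true if %w[GET HEAD].include?(req.verb)
  secure_compare(req.session[:_csrf_token], req.params[:authenticity_token])
end

# The strategy only matters when verification fails.
def dispatch(req, strategy)
  return yield(req.session) if verified?(req)
  case strategy
  when :exception    then raise InvalidAuthenticityToken # action never runs, failure is visible
  when :null_session then yield({})                      # action DOES run, with an empty session
  else raise ArgumentError, "unknown strategy #{strategy}"
  end
end

# An action that needs the session: what the asker observed (redirect, nothing changed).
def change_email(session)
  session[:user_id] ? :email_changed : :redirected_to_login
end

# An action that needs no session at all (public signup, contact form, ...).
def create_signup(_session)
  :signup_created
end

# Constructed requests: the browser attaches the victim's session cookie to a forged
# cross-site POST, but the attacker cannot supply the matching authenticity_token.
SESSION = { _csrf_token: "tok-123", user_id: 42 }.freeze
FORGED  = Request.new(verb: "POST", params: { email: "evil@example.test" }, session: SESSION)
GENUINE = Request.new(verb: "POST", params: { authenticity_token: "tok-123" }, session: SESSION)

def outcome(req, strategy, action)
  dispatch(req, strategy) { |s| send(action, s) }
rescue InvalidAuthenticityToken
  :rejected
end
```

Under :null_session the forged request is not stopped, it is only stripped of its session: a session-dependent action such as change_email redirects to login (what the asker saw), while an action that needs no session such as create_signup executes, and in neither case is an exception raised or logged.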
