CSRF tokens in Padrino

Out of the box, CSRF tokens have been available in Padrino since the 0.11.0 release, and they received a handy update in the 0.11.4 release. The documentation on how to actually use CSRF tokens in Padrino can be a bit hard to find, but it is very straightforward: add <%= csrf_meta_tags %> inside your head tag, as in this minimal example.

<!DOCTYPE html>
<html>
    <head>
        <title>Padrino App</title>
        <%= csrf_meta_tags %>
    </head>
    <body>
        <%= yield %>
    </body>
</html>
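To show what those meta tags are for, here is an added Ruby example (not code from the Padrino project or from this post) that models the whole flow: a random token is minted once per session, rendered into the head as csrf-param/csrf-token meta tags and into forms as a hidden field, and then every state-changing request must present that token, either as a form parameter or as an X-CSRF-Token header, compared in constant time. The module, method names and the parameter name authenticity_token are assumptions made for the illustration; the requests are constructed hashes rather than real Rack requests.

```ruby
require 'securerandom'
require 'cgi'

# Added illustration of the mechanism behind csrf_meta_tags: one random
# token per session, rendered into <head> (and into forms), then checked
# on every state-changing request. Illustrative code, not Padrino's own
# implementation; the helper names and the parameter name are assumptions.
module CsrfDemo
  PARAM_NAME   = 'authenticity_token'           # assumed form field name
  HEADER_NAME  = 'X-CSRF-Token'                 # header JavaScript clients send
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

  # Per-session token, minted on first use and reused for the session's life.
  def self.token_for(session)
    session[:csrf] ||= SecureRandom.hex(32)
  end

  # The two <meta> tags the layout carries so client-side code can find
  # both the parameter name and the token value.
  def self.meta_tags(session)
    token = CGI.escapeHTML(token_for(session))
    %(<meta name="csrf-param" content="#{PARAM_NAME}" />\n) +
      %(<meta name="csrf-token" content="#{token}" />)
  end

  # Hidden input that a form helper would embed in a plain HTML form.
  def self.hidden_field(session)
    %(<input type="hidden" name="#{PARAM_NAME}" value="#{CGI.escapeHTML(token_for(session))}" />)
  end

  # Constant-time comparison so a wrong token cannot be told apart
  # byte by byte through timing differences.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # request is a constructed hash: { method:, params: {}, headers: {} }.
  # Safe methods pass; anything else must present the session's token,
  # either as the form parameter or as the X-CSRF-Token header.
  def self.valid_request?(request, session)
    return true if SAFE_METHODS.include?(request[:method])

    expected = session[:csrf]
    return false if expected.nil?          # no token was ever issued to this session

    params    = request.fetch(:params, {})
    headers   = request.fetch(:headers, {})
    presented = params[PARAM_NAME] || headers[HEADER_NAME]
    secure_compare(presented, expected)
  end

  # Walks through a same-site form post, an AJAX post carrying the header,
  # and a forged cross-site post. Returns the outcomes for inspection.
  def self.walkthrough
    session = {}
    head    = meta_tags(session)          # rendered by the layout on the first GET
    form    = hidden_field(session)       # rendered by a form on the same site

    genuine = { method: 'POST', params: { PARAM_NAME => session[:csrf] } }
    ajax    = { method: 'POST', headers: { HEADER_NAME => session[:csrf] } }
    # A forged request from another origin is sent with the victim's cookies
    # but cannot read the token out of the page, so it arrives without one.
    forged  = { method: 'POST', params: { 'amount' => '100' } }

    { head: head, form: form,
      genuine: valid_request?(genuine, session),
      ajax: valid_request?(ajax, session),
      forged: valid_request?(forged, session) }
  end
end

if __FILE__ == $PROGRAM_NAME
  CsrfDemo.walkthrough.each { |k, v| puts "#{k}: #{v}" }
end
```

On the browser side, the conventional pattern is for the site's own JavaScript to read document.querySelector('meta[name="csrf-token"]').content and send it as the X-CSRF-Token header on each XHR or fetch request; a page served from another origin has no way to read that meta tag, which is exactly why the check holds.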

Wikipedia has a good article on Cross-site request forgery. For more in-depth security details, see the OWASP pages Cross-Site Request Forgery (CSRF) and the Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet.
