riboseinc/rails_encrypted_token

= rails_encrypted_token :source-highlighter: pygments

rails_encrypted_token implements CSRF using the https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Encrypted_Token_Pattern[encrypted token pattern].

Its primary advantage is that the server does not have to store any session-related data.

== Usage

=== Installation

Then add this line to your application's Gemfile:

[source,ruby]

gem 'rails_encrypted_token', github: 'riboseinc/rails_encrypted_token'

And then execute:

bundle

Or install it yourself as:

gem install rails_encrypted_token

=== Getting started

Simply put a line in your application_controller.rb like so:

[source,ruby]

class ApplicationController < ActionController::Base protect_from_forgery using: :encrypted_token end

== Configurations

(TODO)

[source,ruby]

class ApplicationController < ActionController::Base protect_from_forgery using: :encrypted_token end

== Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

=== Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/riboseinc/rails_encrypted_token. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the http://contributor-covenant.org[Contributor Covenant] code of conduct.

== License

The gem is available as open source under the terms of the http://opensource.org/licenses/MIT[MIT License].