Rails integration for AngularJS style CSRF protection
16-Dec-2021 1414
The AngularJS ng.$http service has built-in CSRF protection. By default, it looks for a cookie named XSRF-TOKEN and, if found, writes its value into an X-XSRF-TOKEN header, which the server compares with the CSRF token saved in the user's session.This project adds direct support for this scheme to your Rails application without requiring any changes to your AngularJS application. It also doesn't require the use of csrf_meta_tags to write a CSRF token into your page markup, so it works for pure JSON API applications.Note that there is nothing AngularJS specific here, and this will work with any other front-end that implements the same scheme.Check version compatibility to learn which Rails/Rubies are currently supported.
Rails integration for AngularJS style CSRF protection #ruby #rubydeveloper #rubyonrails #Rails #integration #AngularJS #style #protection #integration https://rubyonrails.ba/link/rails-integration-for-angularjs-style-csrf-protection