@forced-request
Created September 9, 2014 16:22
CSRF Example
class ApplicationController < ActionController::Base
  protect_from_forgery

  # Override handle_unverified_request so that an
  # exception is raised every time a request does not
  # pass authenticity-token validation.
  def handle_unverified_request
    raise(ActionController::InvalidAuthenticityToken)
  end
end

class AccountController < ApplicationController
  # State-changing action; it inherits the CSRF check from ApplicationController.
  def transfer_funds
    Funds.transfer(params[:source_account], params[:destination_account], params[:quantity])
  end
end
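
As an added illustration (a plain-Ruby model, not Rails and not the gist author's code), this contrasts a handler that only resets the session, which is what Rails 3's stock handle_unverified_request does, with the raising override above. LenientController, StrictController, transfers_for and the sample account values are hypothetical names constructed for the example.

```ruby
require "securerandom"
# Plain-Ruby model of the forgery check (constructed; not Rails code).
class InvalidAuthenticityToken < StandardError; end
class LenientController
  attr_reader :session, :transfers
  def initialize(session)
    @session = session
    @transfers = []
  end

  # Run the check first, then the action, as a before-filter would.
  def process(params)
    handle_unverified_request unless verified_request?(params)
    @transfers << params.values_at(:source_account, :destination_account, :quantity)
  end

  private
  def verified_request?(params)
    expected = session[:_csrf_token].to_s
    given = params[:authenticity_token].to_s
    return false if expected.empty? || expected.bytesize != given.bytesize
    # Constant-time compare: OR together the XOR of each byte pair.
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  # Lenient handler: drop the session, then let the action continue.
  def handle_unverified_request
    @session = {}
  end
end

# Strict handler, as in the gist: abort before the action runs.
class StrictController < LenientController
  private def handle_unverified_request
    raise InvalidAuthenticityToken
  end
end

# Returns the transfers performed for one request (constructed sample data).
def transfers_for(controller_class, with_token:)
  token = SecureRandom.hex(16)
  controller = controller_class.new({ _csrf_token: token, user_id: 7 })
  params = { source_account: "A-1", destination_account: "B-2", quantity: 100 }
  params[:authenticity_token] = token if with_token
  controller.process(params)
  controller.transfers
rescue InvalidAuthenticityToken
  controller.transfers
end
```

In the model, a request without the token still records a transfer under the lenient handler because the action never consults the session, while the strict handler stops it before the action runs. On Rails 4 and later the same strict behaviour is selected with protect_from_forgery with: :exception.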