Created
May 7, 2012 15:57
-
-
Save iHiD/2628630 to your computer and use it in GitHub Desktop.
How to Build A Secure Website With Ruby On Rails
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config.force_ssl = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var form_data = //.. Serialise a form | |
| // Get token and param from the meta tags | |
| var token = $('meta[name="csrf-token"]').attr('content'); | |
| var param = $('meta[name="csrf-param"]').attr('content'); | |
| // Create url of "/settings/profile?name=Jeremy+Walker&authenticity_token=askdsalewg303y09sd00dshb0b00ac0dffbafds" | |
| document.location = "/settings/profile?_method=PUT&" + form_data + "&" + token + "=" + param; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rails generate session_migration | |
| rake db:migrate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| heroku addons:add ssl:endpoint | |
| heroku certs:add my_cerficate.crt site.key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.config.session_store :active_record_store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Authenticate user | |
| @user = #... | |
| # Destroy the existing session in case anyone is sharing it and | |
| # create a new session that you know to be unique to the user. | |
| reset_session | |
| # Store the user's id as normal | |
| session[:user_id] = @user.id |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class SettingsController < ApplicationController | |
| def show | |
| @user = User.find(session[:user_id]) | |
| end | |
| def update | |
| @user = User.find(session[:user_id]) | |
| @user.update_attributes(params[:settings]) | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.routes.draw do | |
| match 'show_settings' => "settings#show" | |
| match 'update_settings' => "settings#update" | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.routes.draw do | |
| get 'show_settings' => "settings#show" | |
| put 'update_settings' => "settings#update" | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security::Application.routes.draw do | |
| resource :settings | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment