CSRF protecting and cross site form access

Posted by fl00r on Stack Overflow See other posts from Stack Overflow or by fl00r
Published on 2010-05-06T10:15:42Z Indexed on 2010/05/06 10:18 UTC
Read the original article Hit count: 270

Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others.

How should I use protect_from_forgery and how can I check if data received from valid domain?

What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data.

But maybe I can configure CSRF protection for not only one domain?

© Stack Overflow or respective owner

Related posts about csrf

Related posts about ruby