CSRF protecting and cross site form access
Posted
by fl00r
on Stack Overflow
See other posts from Stack Overflow
or by fl00r
Published on 2010-05-06T10:15:42Z
Indexed on
2010/05/06
10:18 UTC
Read the original article
Hit count: 270
Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others.
How should I use protect_from_forgery
and how can I check if data received from valid domain?
What I am thinking now is to turn off protect_from_forgery
for session controller and check domain name of received data.
But maybe I can configure CSRF protection for not only one domain?
© Stack Overflow or respective owner