{"id":26158258,"url":"https://github.com/envygeeks/ruby-rack-simple_csrf","last_synced_at":"2025-04-14T10:06:04.696Z","repository":{"id":6415867,"uuid":"7654243","full_name":"envygeeks/ruby-rack-simple_csrf","owner":"envygeeks","description":"Simpler CSRF middleware for Rack.","archived":false,"fork":false,"pushed_at":"2015-06-17T23:07:54.000Z","size":352,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-14T10:06:00.924Z","etag":null,"topics":["csrf","csrf-protection","rack","ruby"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/envygeeks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-01-16T21:25:23.000Z","updated_at":"2024-03-25T02:05:11.000Z","dependencies_parsed_at":"2022-09-06T01:20:19.168Z","dependency_job_id":null,"html_url":"https://github.com/envygeeks/ruby-rack-simple_csrf","commit_stats":null,"previous_names":["envygeeks/rack-simple_csrf"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envygeeks%2Fruby-rack-simple_csrf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envygeeks%2Fruby-rack-simple_csrf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envygeeks%2Fruby-rack-simple_csrf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envygeeks%2Fruby-rack-simple_csrf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/envygeeks","download_url":"https://codeload.github.com/envygeeks/ruby-rack-simple_csrf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248860285,"owners_count":21173342,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csrf","csrf-protection","rack","ruby"],"created_at":"2025-03-11T10:49:12.805Z","updated_at":"2025-04-14T10:06:04.666Z","avatar_url":"https://github.com/envygeeks.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rack::Csrf\n\n[![Build Status](https://travis-ci.org/envygeeks/ruby-rack-simple_csrf.png?branch=master)](https://travis-ci.org/envygeeks/ruby-rack-simple_csrf) [![Coverage Status](https://coveralls.io/repos/envygeeks/ruby-rack-simple_csrf/badge.png?branch=master)](https://coveralls.io/r/envygeeks/ruby-rack-simple_csrf) [![Code Climate](https://codeclimate.com/github/envygeeks/ruby-rack-simple_csrf.png)](https://codeclimate.com/github/envygeeks/ruby-rack-simple_csrf) [![Dependency Status](https://gemnasium.com/envygeeks/ruby-rack-simple_csrf.png)](https://gemnasium.com/envygeeks/ruby-rack-simple_csrf)\n\nRack::SimpleCsrf is my personal version of CSRF for Rack.  It implements only a skip list where everything else must be run through the validator.  It does not allow you to be explicit in what you validate, only explicit in what you do not validate.  The goal is to increase security and make you think about what you are doing before you decide to do it.\n\n# Usage\n\nRack::SimpleCsrf has a default output of \"Denied\", the example belows shows you passing your own caller for us.\n\n```ruby\nrequire \"sinatra/base\"\nrequire \"rack/simple_csrf\"\nrequire \"logger\"\n\nclass MyApp \u003c Sinatra::Base\n  set(:logger, Logger.new($stdout))\n\n  CSRF_SKIP_LIST = [\n    \"/my-path\",\n    \"POST:/my-other-path\",\n    \"/regexp-path/.*\"\n  ]\n\n  class \u003c\u003c self\n    def denied!(exception)\n      MyApp.logger.error { exception }\n      [403, {}, [\"Nice try asshole!\"]]\n    end\n  end\n\n  post \"/\" do\n    puts \"Hello World\"\n  end\n\n  helpers Rack::SimpleCsrf::Helpers\n  use Rack::SimpleCsrf, {\n    :skip =\u003e CSRF_SKIP_LIST,\n    :render_with =\u003e proc { |*a|\n      denied!(*a)\n    }\n  }\nend\n```\n\n# Options\n\n`:header` - `HTTP_X_CSRF_TOKEN` The header key\u003cbr /\u003e\n`:key` - `csrf` -- The cookie key\u003cbr /\u003e\n`:field` - `auth`  -- The auth_field token (meta and form)\u003cbr /\u003e\n`:raise` - `false` -- Raise `Rack::SimpleCsrf::CSRFFailedToValidateError`\n\u003cbr /\u003e\u003cbr /\u003e\nSkip supports an array with values as \"METHOD:/url\" or \"/url\".\u003cbr /\u003e\u003cbr /\u003e\n\nIf you chose not to raise you can optionally set `:render_with` with a callback. The callback will always recieve the `env` for you to call `Rack::Lint` or `Sinatra::Request` yourself. It is done this way so that people who wish to log can log since I don't accept a logger directly, you might also want to do other shit that I don't care about, so rather than giving a shit I might as well just accept a callback and let you do whatever the hell you want.\n\n# Helpers\n\n```ruby\ncsrf_meta_tag(:field =\u003e \"auth\")\ncsrf_form_tag(:tag =\u003e \"div\", :field =\u003e \"auth\")\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvygeeks%2Fruby-rack-simple_csrf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenvygeeks%2Fruby-rack-simple_csrf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvygeeks%2Fruby-rack-simple_csrf/lists"}