Everybody hates CSRF

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • omniauth-apple

    OmniAuth strategy for Sign In with Apple

    We've run into some issues where the cookie that manages our session isn't available, therefore breaking checks 2 & 3 mentioned above. If interested, this issue has the most in-detail conversation on that problem specific to our case.

  • omniauth-oauth2

    An abstract OAuth2 strategy for OmniAuth.

    Omniauth-OAuth checks for a state value sent in with the request that should be available within the session when the callback is performed (source here)

  • Ruby on Rails

    Action Pack checks the ORIGIN header of POST requests so they are required to match the website's own domain, i.e. request.base_url (source here)
