| Module | Crumblr |
| In: | vendor/plugins/crumblr/lib/crumblr.rb |
A plugin to protect against Cross-Site Request Forgery. This plugin requires string_ext.
Because crumb verification is a request filter, one can't pass variables to verify_crumb. But because Crumblr gets mixed into ActionController, one can use class attributes to pass information to verify_crumb and issue_crumb. Crumblr uses the following attributes:
| crumb_window: | The time window within which the form has to be submitted and verified. Defaults to 15 minutes. |
| crumb_flash_msg: | The message passed to the session flash if the crumb doesn't validate. Defaults to "Form submission timed out. Please resubmit.". |
| crumb_scope: | The scope of actions that use compatible crumbs. Defaults to the ActionController's class name, which means that verify_crumb only validates actions of that controller. Override to broaden the scope. Setting the scope in 2 controllers to the same value makes their crumbs compatible. |
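
The sketch below is an added example, not Crumblr's own code: it shows how a time window and a scope can jointly bound the validity of an anti-CSRF crumb, which is the behaviour crumb_window and crumb_scope configure. The `CrumbSketch` module, the HMAC-SHA256 construction, the crumb format and the per-session secret are all assumptions made for illustration.

```ruby
require 'openssl'

# Illustrative sketch only; this is NOT Crumblr's implementation.
# Assumptions: a per-session secret, and a crumb of the form
# "<issued_at>-<hex HMAC-SHA256 over scope and issued_at>".
module CrumbSketch
  DEFAULT_WINDOW = 15 * 60 # seconds; mirrors the documented crumb_window default

  def self.issue(secret, scope, now = Time.now.to_i)
    "#{now}-#{mac(secret, scope, now)}"
  end

  # True only if the crumb is well formed, was issued within `window`
  # seconds before `now`, and was minted for the same scope and secret.
  def self.verify(secret, scope, crumb, window = DEFAULT_WINDOW, now = Time.now.to_i)
    issued_s, tag = crumb.to_s.split('-', 2)
    return false unless tag && issued_s.match?(/\A\d+\z/)
    issued = issued_s.to_i
    return false if issued > now || now - issued > window
    # The timestamp is client-supplied, so it is covered by the MAC.
    secure_compare(tag, mac(secret, scope, issued))
  end

  def self.mac(secret, scope, issued)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, [scope, issued].join("\0"))
  end

  # Constant-time comparison so a mismatch position does not leak via timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-demo-secret' # constructed sample value
  t0 = 1_000_000                     # constructed issue time (epoch seconds)
  crumb = CrumbSketch.issue(secret, 'PostsController', t0)
  puts CrumbSketch.verify(secret, 'PostsController', crumb, 900, t0 + 60)    # inside window
  puts CrumbSketch.verify(secret, 'PostsController', crumb, 900, t0 + 901)   # window elapsed
  puts CrumbSketch.verify(secret, 'CommentsController', crumb, 900, t0 + 60) # other scope
end
```

In this sketch, two controllers accept each other's crumbs only when both pass the same scope string, which is the trade-off to weigh before broadening crumb_scope: a wider scope means a crumb captured from one form is accepted by more actions.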