  • Stars: 213
  • Rank: 178,795 (Top 4 %)
  • Language: Ruby
  • License: MIT License
  • Created almost 5 years ago
  • Updated about 2 months ago


Repository Details

Provides CSRF protection for the OmniAuth request endpoint in a Rails application.

OmniAuth - Rails CSRF Protection

This gem mitigates CVE-2015-9284 (Cross-Site Request Forgery on the request phase when the OmniAuth gem is used in a Ruby on Rails application) by adding a CSRF token verifier that reuses the ActionController::RequestForgeryProtection code from Rails directly, so the OmniAuth request endpoint is protected by the same token and the same checks as the rest of the application.

Usage

Add this line to your application's Gemfile:

gem "omniauth-rails_csrf_protection"

Then run bundle install to install this gem.

You will then need to verify that every link in your application that initiates the OAuth request phase (the /auth/:provider endpoint) is turned into an HTTP POST form that carries the authenticity_token value. The simplest way is to change each such link_to to button_to, or to use link_to ..., method: :post. Note that link_to ..., method: :post depends on rails-ujs (or, with Turbo, data: { turbo_method: :post }) to rewrite the click into a POST; without that JavaScript the browser follows the link as a plain GET, which this gem now rejects, so button_to, which renders a real form, is the more robust choice.

Under the Hood

This gem makes two changes to your application:

  • Disables access to the OAuth request phase via HTTP GET, so only POST reaches it.
  • Inserts a Rails CSRF token verifier in OmniAuth's before-request-phase hook, so a request whose authenticity_token is missing or does not match the session is rejected before the redirect to the provider is issued.

Together these close the attack vector described in CVE-2015-9284: an attacker's page can no longer start an OAuth flow in the victim's browser with a simple GET link or redirect, and a forged POST fails the token check.
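The two gates above and the POST form that the Usage section asks for, as an added illustration in plain Ruby. This is not the gem's code and does not need Rails: it re-implements a simplified version of Rails' masked authenticity token (a fresh one-time pad XORed with the raw session token, as ActionController::RequestForgeryProtection does) so that it runs offline. The module, the Request struct, the in-memory session Hash and the method names are this example's own assumptions.

```ruby
require "securerandom"
require "cgi"

# Added illustration, not the gem's code: a Rails-free model of the two checks
# omniauth-rails_csrf_protection adds in front of OmniAuth's request phase,
# plus the POST form that button_to renders. Names are this example's own.
module CsrfGuardExample
  TOKEN_LENGTH = 32                    # bytes of raw token, as in Rails
  ALLOWED_METHODS = %w[POST].freeze    # GET to /auth/:provider is disabled

  class Denied < StandardError; end

  # Minimal stand-in for a Rack/ActionDispatch request (assumption: the
  # session is a plain Hash kept server-side).
  Request = Struct.new(:http_method, :path, :params, :session, keyword_init: true)

  # Raw per-session secret, created on first use and never sent as-is.
  def self.raw_token(session)
    session[:_csrf_token] ||= SecureRandom.random_bytes(TOKEN_LENGTH)
  end

  # Rails-style masking: XOR the raw token with a fresh one-time pad and
  # ship pad || (pad XOR raw), base64-encoded. Every render yields a
  # different wire token for the same session (BREACH mitigation).
  def self.masked_token(session)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    [pad + xor(pad, raw_token(session))].pack("m0")
  end

  def self.xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
  end

  # Constant-time equality so a verifier does not leak which byte differed.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Unmask the submitted value and compare it with this session's raw token.
  # Anything malformed (nil, non-string, bad base64, wrong length) is invalid.
  def self.valid_token?(session, encoded)
    return false unless encoded.is_a?(String)
    bytes = encoded.unpack1("m0")          # strict base64, raises on junk
    return false unless bytes.bytesize == TOKEN_LENGTH * 2
    pad = bytes[0, TOKEN_LENGTH]
    enc = bytes[TOKEN_LENGTH, TOKEN_LENGTH]
    secure_compare(xor(pad, enc), raw_token(session))
  rescue ArgumentError
    false
  end

  # The two gates, in the order the gem applies them: method first, then token.
  def self.check!(request)
    unless ALLOWED_METHODS.include?(request.http_method)
      raise Denied, "request phase via #{request.http_method} is disabled"
    end
    unless valid_token?(request.session, request.params["authenticity_token"])
      raise Denied, "invalid authenticity token"
    end
    true
  end

  # What replacing link_to with button_to buys you: a real POST form that
  # carries the masked token, instead of a GET link an attacker can embed.
  def self.sign_in_form(provider, session)
    name = CGI.escapeHTML(provider.to_s)
    %(<form method="post" action="/auth/#{name}">) +
      %(<input type="hidden" name="authenticity_token" value="#{masked_token(session)}">) +
      %(<button type="submit">Sign in with #{name}</button></form>)
  end
end

if $PROGRAM_NAME == __FILE__
  session = {}
  form = CsrfGuardExample.sign_in_form("twitter", session)
  token = form[/value="([^"]+)"/, 1]
  ok = CsrfGuardExample::Request.new(http_method: "POST", path: "/auth/twitter",
                                     params: { "authenticity_token" => token }, session: session)
  puts "legitimate form post: #{CsrfGuardExample.check!(ok)}"
  # A GET link, a POST without a token, and a POST carrying a token minted
  # for some other session (what a cross-site attacker can actually send).
  [["GET", token], ["POST", nil], ["POST", CsrfGuardExample.masked_token({})]].each do |m, t|
    req = CsrfGuardExample::Request.new(http_method: m, path: "/auth/twitter",
                                        params: { "authenticity_token" => t }, session: session)
    begin
      CsrfGuardExample.check!(req)
    rescue CsrfGuardExample::Denied => e
      puts "#{m} with #{t ? 'a' : 'no'} token: denied (#{e.message})"
    end
  end
end
```

The order of the gates matters: the method check runs first, so a GET is refused even when it somehow carries a valid token, which is what makes the old `link_to "/auth/twitter"` links fail loudly once the gem is installed rather than silently continuing to work.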

Contributing

Bug reports and pull requests are welcome on GitHub. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in this project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

More Repositories

  • styleguide (1,173 stars): Cookpad's coding style guides
  • chanko (Ruby, 636 stars): Rapidly and safely prototyping your rails application
  • garage (Ruby, 511 stars): Rails extension for RESTful Hypermedia API
  • kage (Ruby, 503 stars): Kage (kah-geh) is a shadow proxy server to duplex HTTP requests
  • rrrspec (Ruby, 490 stars): Distributed RSpec
  • puree-android (Java, 480 stars): A log collector for Android
  • license-tools-plugin (HTML, 330 stars): Gradle plugin to check library licenses and generate license pages.
  • arproxy (Ruby, 316 stars): Arproxy is a proxy between ActiveRecord and database adapter
  • kuroko2 (Ruby, 311 stars): Kuroko2 is a web-based job scheduler / workflow engine.
  • expeditor (Ruby, 231 stars): Expeditor provides asynchronous execution and fault tolerance for Microservices
  • Puree-Swift (Swift, 215 stars): 🍯 Awesome log aggregator for iOS
  • barbeque (Ruby, 196 stars): Job queue system to run job with Docker
  • LicenseToolsPlugin (HTML, 174 stars): Gradle plugin to check library licenses and generate license pages for Android
  • grpc_kit (Ruby, 160 stars): A kit for creating gRPC server/client in Ruby.
  • puree-ios (Objective-C, 149 stars): [Obsoleted] A log collector for iOS (new version: https://github.com/cookpad/Puree-Swift)
  • dmemo (Ruby, 132 stars)
  • dokumi (Ruby, 128 stars): Automatically check if anything is wrong with the code in a pull request
  • s3ar (Rust, 113 stars): A massively fast S3 downloader/uploader
  • griffin (Ruby, 100 stars): gRPC server and client for Ruby
  • android-code-style (Java, 89 stars): Cookpad Android Code Style
  • elasticfox-ec2tag (JavaScript, 78 stars): Patched Elasticfox (for EC2 Tag) branched from http://aws.amazon.com/developertools/609, providing a standalone version based on http://code.google.com/p/efoxapp/. ELB Tab from hybridfox http://code.google.com/p/hybridfox/
  • cookpad-pad (72 stars): Cookpad Pad, a six-key macro pad made by Cookpad.
  • trice (Ruby, 70 stars): Provides reference time concept to application. Use it instead of ad-hoc `Time.now`.
  • terraform-aws-eks (HCL, 68 stars): A Terraform module to provision AWS Elastic Kubernetes (EKS) clusters and worker nodes
  • global-style-guides (67 stars): Official style guides for Cookpad Global
  • issue-reporter-android (Java, 61 stars)
  • cookpad-internship-2015-summer (60 stars): http://techlife.cookpad.com/entry/2015/09/08/113442
  • mixed_gauge (Ruby, 58 stars): A simple and robust database sharding with ActiveRecord.
  • garage_client (Ruby, 53 stars): Ruby client library for the Garage application API
  • aws-xray (Ruby, 50 stars): The unofficial AWS X-Ray Tracing SDK for Ruby
  • presentations (Ruby, 48 stars): The presentations of Cookpad staff
  • blouson (Ruby, 48 stars): Filter tools to mask sensitive log data for rails
  • pendaxes (Ruby, 43 stars): Send reminder to developers about their left pending tests!
  • deepalert (Go, 43 stars): Serverless SOAR (Security Orchestration, Automation and Response) framework for automatic inspection and evaluation of security alerts
  • BottomNavWatson (Kotlin, 40 stars): Bottom navigation bar library that allows multiple back stacks and one single navigation graph
  • cookpad-internship-2016-summer (Ruby, 39 stars): Docs and materials at Cookpad Internship 2016 Summer
  • react-native-puree (TypeScript, 39 stars): A log collector for React Native
  • gradle-android-sdk-manager (39 stars): DEPRECATED
  • RxT4A (Java, 38 stars): DEPRECATED
  • murakumo (Ruby, 38 stars): Murakumo is the internal DNS server which manages name information using a gossip protocol.
  • tokite (Ruby, 35 stars)
  • r53-fox (JavaScript, 31 stars): AWS Route53 GUI client
  • kumonos (Ruby, 30 stars): Moved to https://github.com/cookpad/itacho
  • android-crud-paging-v3 (Kotlin, 29 stars)
  • itacho (Go, 28 stars): itacho to manage and operate envoy based service mesh.
  • gem_collector (Ruby, 27 stars): Collect gems used by applications
  • iam-fox (JavaScript, 26 stars): AWS IAM GUI client
  • daifuku (Ruby, 25 stars): A markdown parser and compiler for log definitions in mobile applications
  • sds (Rust, 24 stars): Envoy's v1 Service Discovery Service API and v2 Endpoint Discovery Service API
  • ViewsWaiter (Kotlin, 23 stars): A reactive approach for updating views that you don't view
  • streamy (Ruby, 21 stars): Basic toolset for hooking into event stream
  • cpc1.0 (Python, 21 stars): Cookpad Parsed Corpus: a dataset of linguistically annotated recipes (Linguistic Annotation Workshop 2020)
  • denv (Ruby, 19 stars): Loads environment variables to `ENV` from `.env` file
  • guard_against_physical_delete (Ruby, 19 stars): guard_against_physical_delete is a monkey patch for ActiveRecord. This patch prevents records from being deleted physically.
  • 2018-newgrads-engineer-portfolio (19 stars): How to submit the entry sheet for Cookpad's 2018 new-graduate hiring process, and the set of files used for it.
  • cookpad-internship-2019-summer (Swift, 19 stars)
  • OkReport (Kotlin, 18 stars): Android library to submit reports without leaving the app.
  • cp8_cli (Ruby, 18 stars): Cookpad Global CLI
  • armg (Ruby, 17 stars): Add MySQL geometry type to Active Record.
  • StringsPatcher (Kotlin, 14 stars): An android lib for updating string resources on the fly
  • sisito (Ruby, 14 stars): A frontend for data collected by sisimai.
  • rgossip2 (Ruby, 13 stars): Basic implementation of a gossip protocol. This is a port of the Java implementation, see http://code.google.com/p/gossip-protocol-java/
  • Phakchi (Swift, 13 stars): Pact consumer client library in Swift
  • janiConverter (Ruby, 12 stars): Online transcoder: from movie file to jani-format. Supports VAST integration
  • session_store_relocator (Ruby, 11 stars): Supports Rails session store relocation by writing session data to multiple stores in parallel
  • ecamo (Rust, 11 stars): SSL image proxy with JWT authentication
  • cookpad-internship-2017-summer (Jupyter Notebook, 11 stars)
  • reuse_query_results (Ruby, 11 stars): reuse mysql query results
  • onesky-gradle-plugin (Kotlin, 11 stars)
  • techconf2017-network (Ruby, 10 stars)
  • aws-falcon-data-forwarder (Go, 10 stars): CrowdStrike Falcon log forwarder from falcon S3 bucket to your S3 bucket
  • cookpad-internship-2018-summer (Ruby, 10 stars)
  • raven-transports-fluentd (Ruby, 10 stars): Send error logs to sentry via fluentd
  • prism (Java, 10 stars): Streaming loader for Amazon Redshift Spectrum
  • 2016-internship-engineer-portfolio (9 stars): How to apply for the Cookpad 2016 internship, and the set of files used for it.
  • 2017-internship-engineer-portfolio (9 stars): Instructions on how to apply for the Cookpad Summer Internship 2017.
  • oicy-taste (C++, 8 stars): design information of condiment dispenser "OiCy Taste"
  • minerva (Go, 7 stars): Serverless Log Search Architecture for Security Monitoring based on Amazon Athena
  • swift-user-defaults (Swift, 7 stars): A series of Swift friendly utilities for Foundation's UserDefaults class.
  • spring-internship-2021-lecture-code (TypeScript, 7 stars)
  • dango (Elixir, 6 stars): A service for managing i18n
  • garage-doorkeeper (Ruby, 5 stars): Garage extension to integrate doorkeeper gem
  • griffin-interceptors (Ruby, 5 stars)
  • cookpad_departure_defaults (Ruby, 5 stars)
  • cookpad-internship-2020-summer-ios (Swift, 4 stars)
  • android-studio-templates (Kotlin, 4 stars): Provides a set of templates for scaffolding architectural repetitive tasks.
  • cookpad-performance (Ruby, 4 stars): Some performance tools we use across our Rails applications
  • cookpad-internship-2020-summer-web (Ruby, 4 stars)
  • wait-side-car (Go, 4 stars): Wait for essential side-car containers to be available.
  • rsolr_cookpad (Ruby, 3 stars): A Ruby client for Apache Solr (saving weight of the repository by cutting down disused branches and tags)
  • cookpad-internship-2021-summer-ios (Swift, 3 stars)
  • package-scanner-android (Java, 3 stars): WIP
  • cookpad_mysql_defaults (Ruby, 3 stars): Cookpad's MySQL defaults
  • mirin (Haskell, 3 stars): Redirection Service
  • barbeque_client (Ruby, 3 stars): barbeque client for Ruby
  • cookpad-internship-1day-ruby (Ruby, 3 stars)
  • SocialConnect (Kotlin, 3 stars): OAuth library for Android: retrieves OAuth tokens from multiple social networks.
  • github-app-installation-token-action (JavaScript, 3 stars): A GitHub Action that can be used to generate scoped credentials for use within your workflow using an App integration.
  • rubyists-on-rails (2 stars): Passenger Announcement for Rubyists on Rails.
  • sisito-api (Go, 2 stars): Sisito API server.