Scorg International

Scorg International interview question

What is CSRF? How does Rails protect against it?

Interview Answer

Anonymous

11 June 2016

CSRF stands for Cross-Site Request Forgery. This is a form of an attack where the attacker submits a form on your behalf to a different website, potentially causing damage or revealing sensitive information. Since browsers will automatically include cookies for a domain on a request, if you were recently logged in to the target site, the attacker’s request will appear to come from you as a logged-in user (as your session cookie will be sent with the POST request).
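
As an added illustration (not part of the original answer, and not Rails' own code), this Ruby example models the per-session token check that Rails applies to non-GET requests: the cookie arrives automatically, but the token is only present in forms the site itself rendered. `SESSIONS`, `login`, `form_token`, `handle` and the request hash layout are hypothetical names; `authenticity_token` is the form parameter name Rails uses.

```ruby
require "securerandom"

# Constructed in-memory session store: session id (cookie value) => session data.
SESSIONS = {}

# Log a user in: issue a session id (sent as a cookie) and a per-session
# CSRF token (embedded only in pages the site itself renders).
def login(user)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { user: user, csrf_token: SecureRandom.base64(32) }
  sid
end

# Token the server would place in a hidden form field for this session.
def form_token(sid)
  SESSIONS.fetch(sid)[:csrf_token]
end

# Compare two strings without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide whether a request may proceed. `request` is a hypothetical hash
# with :method, :cookie_sid and :params keys.
def handle(request)
  session = SESSIONS[request[:cookie_sid]]
  return :unauthenticated unless session
  # Safe methods must not change state, so they skip the token check.
  return :ok if %w[GET HEAD].include?(request[:method])

  submitted = request.dig(:params, "authenticity_token").to_s
  secure_equal?(submitted, session[:csrf_token]) ? :ok : :rejected_csrf
end

if __FILE__ == $PROGRAM_NAME
  sid = login("alice") # constructed sample user
  same_site = { method: "POST", cookie_sid: sid,
                params: { "amount" => "10", "authenticity_token" => form_token(sid) } }
  # A cross-site form: the browser attaches the cookie, but the page that
  # built the form never saw the token.
  cross_site = { method: "POST", cookie_sid: sid, params: { "amount" => "10" } }
  puts "same-site POST:  #{handle(same_site)}"
  puts "cross-site POST: #{handle(cross_site)}"
end
```

The check only helps if state-changing actions are never reachable through GET, since safe methods bypass it.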