How to Handle CSRF Authentication in Rails and React
Prerequisites

This tutorial follows my previous post on handling Rails API authentication with a React frontend. You can follow along without it, but I assume:

- You're using Ruby on Rails with a React frontend
- You've implemented cookie-based authentication

How it works

After login, the browser stores a secure cookie that's automatically appended to every client request. Because the browser also attaches that cookie to requests triggered from other sites, an attacker's site can forge requests on the user's behalf, and they'll be authenticated.

Attack vector: Another site issues requests to your site while pretending to be the user.

...
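The following added example (not from the original post) models in plain Ruby why the automatically attached cookie alone cannot tell the user's own frontend from another site, and how a per-session token sent in a request header can. `DemoApp`, its methods and the header-token check are assumptions made for illustration, not Rails internals.

```ruby
require "securerandom"

# Constructed model of a cookie-authenticated API (hypothetical, not Rails internals).
class DemoApp
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  def initialize
    @sessions = {} # session cookie value => per-session CSRF token
  end

  # Login returns the cookie value (sent automatically by the browser) and the
  # CSRF token (readable only by the same-origin frontend).
  def login
    sid = SecureRandom.hex(16)
    @sessions[sid] = SecureRandom.base64(32)
    [sid, @sessions[sid]]
  end

  # Returns an HTTP-like status for a request carrying the given cookie.
  def handle(method:, cookie:, csrf_header: nil)
    expected = @sessions[cookie]
    return 401 unless expected                   # no valid session
    return 200 if SAFE_METHODS.include?(method)  # reads are not token-checked
    return 403 unless csrf_header && secure_equal?(csrf_header, expected)
    200
  end

  private

  # Length check, then a comparison that does not stop at the first mismatch.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Statuses for the frontend's own POST, a cross-site POST, and a guessed token.
def demo
  app = DemoApp.new
  sid, token = app.login
  { own_frontend: app.handle(method: "POST", cookie: sid, csrf_header: token),
    cross_site:   app.handle(method: "POST", cookie: sid),
    bad_token:    app.handle(method: "POST", cookie: sid, csrf_header: "x" * token.bytesize) }
end

p demo if __FILE__ == $PROGRAM_NAME
```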