Set Ring-Anti-Forgery CSRF header token

忘掉有多难 2020-12-16 15:49

I'm attempting to implement the Ring-Anti-Forgery library via setting the X-CSRF-Token in the header.

Since I am using static html files I found the built-in hiccup

1 answer
  • 2020-12-16 16:27

    I created a repository https://github.com/edbond/CSRF with an example. The README describes the process needed to POST requests with a CSRF token.

    In short (for API calls, curl):

    1. Get the CSRF token and session cookie from the server (the server will store the CSRF token inside your session, which is identified by the cookie)

    2. Send X-CSRF-Token and the cookie along with the POST request (the server will compare the CSRF token with the one stored inside your session, identified by the cookie)

    cookie -> session -> CSRF-Token

    For HTML form POSTing, it should be enough to include (anti-forgery-field) in forms. Note, you can also send a form field instead of the header using curl.

    HTH

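The two-step exchange from the answer above, driven in-process against Ring's middleware so the cookie -> session -> token binding is visible. This is an added example, not code from the question, the answer or the linked repository; the `csrf-demo.core` namespace and the `/token` and `/transfer` routes are hypothetical, and it assumes `ring/ring-core` and `ring/ring-anti-forgery` are on the classpath.

```clojure
(ns csrf-demo.core
  (:require [clojure.string :as str]
            [ring.middleware.anti-forgery :refer [wrap-anti-forgery
                                                  *anti-forgery-token*]]
            [ring.middleware.session :refer [wrap-session]]))

;; Hypothetical routes: GET /token lets a static page fetch the token,
;; POST /transfer stands in for any state-changing action.
(defn handler [{:keys [request-method uri]}]
  (cond
    (and (= request-method :get) (= uri "/token"))
    ;; force copes with library versions that bind the var to a delay.
    {:status 200
     :headers {"Content-Type" "text/plain"}
     :body (force *anti-forgery-token*)}

    (and (= request-method :post) (= uri "/transfer"))
    {:status 200 :headers {"Content-Type" "text/plain"} :body "ok"}

    :else
    {:status 404 :headers {} :body "not found"}))

;; wrap-session is outermost so wrap-anti-forgery can read and write :session.
(def app (-> handler wrap-anti-forgery wrap-session))

(defn session-cookie
  "Extracts the name=value pair from the first Set-Cookie header,
  which is what a client such as curl would send back."
  [resp]
  (-> (get-in resp [:headers "Set-Cookie"]) first (str/split #";") first))

(defn post-status
  "Status of a POST to the protected route with the given request headers."
  [headers]
  (:status (app {:request-method :post :uri "/transfer" :headers headers})))

(defn demo
  "Step 1 fetches token and cookie; step 2 replays them in three combinations."
  []
  (let [resp   (app {:request-method :get :uri "/token" :headers {}})
        token  (:body resp)
        cookie (session-cookie resp)]
    {:cookie-and-token (post-status {"cookie" cookie "x-csrf-token" token})
     :cookie-only      (post-status {"cookie" cookie})
     :token-only       (post-status {"x-csrf-token" token})}))
```

Calling `(demo)` at a REPL shows that only the request carrying both the session cookie and the matching `x-csrf-token` header reaches the handler; the other two get the middleware's default 403 rejection, because a token without its session (or a session without its token) has nothing to match against.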