
Ruby On Rails : Explain CSRF security token

Open XAJX179 opened this issue 1 month ago • 6 comments

Checks

Describe your suggestion

Form helpers add an auth token in a hidden input field. The lesson claims it talked about this CSRF security token:

"Start by making a form using the form_with helper, which takes a block representing all the inputs to the form. It takes care of the CSRF security token we talked about above"

but there was no such talk about CSRF.

This content has had some changes a bit recently because of Turbo, so it's probably just an oversight when those edits were happening. - Josh

Path

Ruby / Rails

Lesson Url

https://www.theodinproject.com/lessons/ruby-on-rails-form-basics#form-helpers-formwith

(Optional) Discord Name

No response

(Optional) Additional Comments

No response

XAJX179, Oct 27 '25 17:10

Thanks for making this issue!

wise-king-sullyman, Oct 27 '25 20:10

Hi! I'd like to work on this issue for Hacktoberfest 🎃

I plan to add a clear explanation of CSRF security tokens in the lesson before the form_with helper section. I'll include:

  • What CSRF tokens are and why they're important for security
  • How Rails automatically handles CSRF protection
  • A brief explanation of how form_with includes the authenticity token

This will be done by editing the markdown lesson file. Can you please assign this issue to me? Thanks!

Nayab-Gauhar, Oct 31 '25 14:10
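As an added example (illustration code, not the lesson's text and not Rails' own source), the following Ruby models the token life cycle the comment above proposes to document: a per-session secret in `session[:_csrf_token]`, the masked `authenticity_token` that `form_with` writes into a hidden field, and the check `protect_from_forgery` performs on the way back in. The session is a plain Hash and the request a small Struct; the module, constant and helper names are assumptions of this example. The behaviour they reproduce is what Rails does: the secret never appears on the page unmasked, every rendered form gets a different token string (the one-time-pad mask is Rails' BREACH mitigation), GET and HEAD are exempt, and the comparison is constant-time.

```ruby
require "securerandom"

# Simplified model of Rails' ActionController::RequestForgeryProtection.
# Names (CsrfDemo, TOKEN_LENGTH, Request, ...) are this example's own; the
# token handling follows Rails' documented behaviour, not its exact code.
module CsrfDemo
  TOKEN_LENGTH = 32 # bytes; Rails uses a 32-byte secret too
  SESSION_KEY  = :_csrf_token # the key Rails stores the secret under

  # Stand-in for an HTTP request: verb plus parsed form params.
  Request = Struct.new(:method, :params, keyword_init: true)

  module_function

  # The real per-session secret. Rails creates it lazily the first time a
  # form (or csrf_meta_tags) needs it and keeps it in the session cookie.
  def real_token(session)
    session[SESSION_KEY] ||= [SecureRandom.random_bytes(TOKEN_LENGTH)].pack("m0")
    session[SESSION_KEY].unpack1("m0")
  end

  # What the hidden field carries. The raw secret is XORed with a fresh
  # one-time pad and sent as base64(pad || pad XOR secret), so each render
  # produces a different string even though the secret is unchanged. A
  # secret that repeated verbatim in compressed responses could be recovered
  # by a compression-oracle attack (BREACH); the mask prevents that.
  def masked_token(session)
    secret = real_token(session)
    pad    = SecureRandom.random_bytes(TOKEN_LENGTH)
    [pad + xor_bytes(pad, secret)].pack("m0")
  end

  # Server side: peel the pad off to recover the secret the form was issued
  # with. Returns nil for anything that is not a well-formed masked token.
  def unmask_token(encoded)
    raw = encoded.to_s.unpack1("m0")
    return nil unless raw.bytesize == 2 * TOKEN_LENGTH
    pad    = raw[0, TOKEN_LENGTH]
    masked = raw[TOKEN_LENGTH, TOKEN_LENGTH]
    xor_bytes(pad, masked)
  rescue ArgumentError # not valid strict base64
    nil
  end

  # The hidden input form_with adds; Rails names the parameter authenticity_token.
  def hidden_field_html(session)
    %(<input type="hidden" name="authenticity_token" value="#{masked_token(session)}" autocomplete="off">)
  end

  # The decision protect_from_forgery makes. GET/HEAD are treated as safe
  # (they must not change state); any other verb needs a token that unmasks
  # to the session secret. A token minted for a different session, a missing
  # token, or a malformed one all fail.
  def verified_request?(session, request)
    verb = request.method.to_s.upcase
    return true if verb == "GET" || verb == "HEAD"
    submitted = unmask_token(request.params["authenticity_token"])
    return false if submitted.nil? || !session.key?(SESSION_KEY)
    secure_compare(submitted, real_token(session))
  end

  def xor_bytes(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
  end

  # Constant-time equality, so timing does not leak how many leading bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  session = {}
  puts CsrfDemo.hidden_field_html(session)
  good = CsrfDemo::Request.new(method: "POST", params: { "authenticity_token" => CsrfDemo.masked_token(session) })
  bad  = CsrfDemo::Request.new(method: "POST", params: {})
  puts "with token:    #{CsrfDemo.verified_request?(session, good)}"
  puts "without token: #{CsrfDemo.verified_request?(session, bad)}"
end
```

Rendering the field twice gives two different `value` strings that both verify against the same session, which is the point of the mask; a token copied from another user's session fails because it unmasks to a different secret, and a plain GET passes without any token at all, which is why Rails insists that GET requests never mutate state.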

All yours @Nayab-Gauhar

CouchofTomato, Nov 03 '25 19:11

@CouchofTomato

Should we open this issue to other contributors, like in https://github.com/TheOdinProject/curriculum/issues/30253#issuecomment-3547303239?

XAJX179, Nov 20 '25 10:11

Unassigned as per that comment, which I agree with. @CouchofTomato would you also be able to clarify acceptance criteria? e.g. it's not clear if the desired action is to add content about CSRF tokens or to remove the bit that refers to the non-existent content.

mao-sz, Nov 22 '25 22:11

Apologies for the delay.

I think we need to add a small section about CSRF tokens. It's something quite important to the way Rails processes forms.

CouchofTomato, Nov 28 '25 21:11