I'm developing a Rails app that uses Devise to manage users, and I want to prevent users from signing into my app directly. (Can I just prevent it by removing all the relevant routes?)

I have removed the front-end logic, but I know that a browser is not the only way to access a website. People can also use tools like curl to access a website, so I want to know how people do that so I can better prevent it.

Henry Yang
  • If you have an API app, without an access_token no one can log in through the API, and every time you submit a request or a form there is a token generated by Rails. The authenticity token is well explained [here](https://stackoverflow.com/questions/941594/understanding-the-rails-authenticity-token). – t s Sep 11 '18 at 11:35
  • [This](https://medium.com/rubyinside/a-deep-dive-into-csrf-protection-in-rails-19fa0a42c0ef) is also a good article about CSRF tokens; also refer to the [rails-guide](https://guides.rubyonrails.org/security.html). – t s Sep 11 '18 at 11:42
  • @ts Can I just prevent it by removing all the relevant routes? – Henry Yang Sep 12 '18 at 00:52
  • Yes, you can prevent it. – t s Sep 12 '18 at 05:05

0 Answers