Module | ActionController::RequestForgeryProtection |
In: |
vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb
|
# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 6
# Hook that runs when this module is mixed into +base+.
#
# Registers form_authenticity_token and protect_against_forgery? as helper
# methods on +base+, then extends +base+ with ClassMethods.
def self.included(base)
  base.class_eval { helper_method :form_authenticity_token, :protect_against_forgery? }
  base.extend(ClassMethods)
end
# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 98
# Returns the authenticity token the client submitted as a request parameter.
#
# The value is looked up in params under the name given by
# request_forgery_protection_token. It is client-supplied and returned as-is:
# it may be nil when absent.
# NOTE(review): params can presumably yield non-String values (Array/Hash) for
# crafted input; callers should not assume a String. Confirm against the caller.
def form_authenticity_param
  submitted = params
  submitted[request_forgery_protection_token]
end
Sets the token value for the current session. Pass a :secret option in protect_from_forgery to add a custom salt to the hash.
# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 108
# Returns the authenticity token for the current session, creating it on first use.
#
# The token lives in session[:_csrf_token]. When the session has none yet, a new
# one is taken from ActiveSupport::SecureRandom.base64(32) and stored, so every
# later call in the same session returns the same value.
#
# As written, this method does not read any :secret option; the token is a
# random value, not a salted hash.
def form_authenticity_token
  existing = session[:_csrf_token]
  return existing if existing

  session[:_csrf_token] = ActiveSupport::SecureRandom.base64(32)
end
# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 82
# Reaction to a request that failed forgery verification: the session is reset.
#
# NOTE(review): this method only calls reset_session; it does not raise or
# render. Whether the action still runs afterwards (with an empty session)
# depends on the caller, which is not shown here. Confirm that actions relying
# on credentials outside the session are covered.
def handle_unverified_request
  reset_session()
end
# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 112
# Tells whether forgery protection is active for this controller.
#
# Returns the value of request_forgery_protection_token when
# allow_forgery_protection is truthy; otherwise returns the falsy value of
# allow_forgery_protection itself. Protection therefore counts as off when
# either the switch is off or no token name is configured.
def protect_against_forgery?
  enabled = allow_forgery_protection
  enabled ? request_forgery_protection_token : enabled
end
# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 102
# Tells whether the request's content type is one that should be verified.
#
# Returns false when the request has no content type; otherwise returns
# whatever the content type object answers to verify_request?.
# NOTE(review): a request that omits its content type is reported as not
# verifiable here. Confirm how the caller treats that case.
def verifiable_request_format?
  declared_type = request.content_type
  return false if declared_type.nil?

  declared_type.verify_request?
end
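Returns true if the request is verified and false otherwise. Checks, in the order the method below evaluates them: forgery protection is disabled; the request is a GET; the session's authenticity token equals the token submitted in the request parameters; the session's authenticity token equals the X-CSRF-Token request header.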
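# File vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb, line 91
# Decides whether the current request is accepted as not forged.
#
# A request is accepted when any of these holds:
# * forgery protection is off (protect_against_forgery? is falsy),
# * the request is a GET -- GETs are exempt, so state-changing actions must
#   not be reachable through GET,
# * the session token equals the token submitted as a request parameter,
# * the session token equals the X-CSRF-Token request header.
#
# Both submitted values come from the client. They are compared with the
# session token over their full length rather than with String#==, so the
# time taken does not depend on how many leading characters of a guess were
# right. Non-String values (for example an Array or Hash built from crafted
# parameters) never match.
#
# Returns true when the request is verified, false otherwise.
def verified_request?
  return true unless protect_against_forgery?
  return true if request.get?

  expected = form_authenticity_token.to_s.unpack('C*')
  matches = lambda do |candidate|
    next false unless candidate.is_a?(String)

    given = candidate.unpack('C*')
    # The token length is not secret, so a length mismatch may return early.
    next false unless given.length == expected.length

    difference = 0
    given.each_with_index { |byte, index| difference |= byte ^ expected[index] }
    difference.zero?
  end

  # Check both sources unconditionally, then combine the results.
  from_param = matches.call(form_authenticity_param)
  from_header = matches.call(request.headers['X-CSRF-Token'])
  from_param || from_header
end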