ActionController::RequestForgeryProtection


Public Class methods

included (base)

Protected Instance methods

form_authenticity_token ()

Sets the token value for the current session. Pass a :secret option in protect_from_forgery to add a custom salt to the hash.

protect_against_forgery? ()

verifiable_request_format? ()

verified_request? ()

Returns true if the request is verified and false otherwise. Checks:

  • Is the format restricted? By default, only HTML and AJAX requests are checked.
  • Is it a GET request? GET requests should be safe and idempotent.
  • Does the form_authenticity_token match the given token value from the params?
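
The three checks above, modeled as a stand-alone Ruby script (an added example, not the Rails source). The `Request` struct, `CHECKED_FORMATS`, the `:authenticity_token` parameter name, the session-stored random token and the constant-time comparison are assumptions of this example.

```ruby
require 'securerandom'

# Stand-alone model of the three checks listed above; not Rails source.
# Request, CHECKED_FORMATS and the :authenticity_token key are assumptions
# made for this example.
Request = Struct.new(:method, :format, :params, :session)

CHECKED_FORMATS = [:html, :js].freeze   # "HTML and AJAX" per the text above

# Return the per-session token, creating it on first use.
def form_authenticity_token(session)
  session[:csrf_token] ||= SecureRandom.hex(20)
end

# Only restricted formats are subject to the token check.
def verifiable_request_format?(request)
  CHECKED_FORMATS.include?(request.format)
end

# Length-checked, constant-time comparison so the match does not leak
# how many leading bytes of a submitted token were correct.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True when the request may proceed without raising a forgery error.
def verified_request?(request)
  return true if request.method == :get               # GETs are not checked
  return true unless verifiable_request_format?(request)
  expected = form_authenticity_token(request.session)
  secure_compare(expected, request.params[:authenticity_token])
end

# Constructed sample requests sharing one session.
SESSION = {}
TOKEN = form_authenticity_token(SESSION)
SAMPLES = {
  get_no_token: Request.new(:get,  :html, {}, SESSION),
  post_valid:   Request.new(:post, :html, { authenticity_token: TOKEN }, SESSION),
  post_missing: Request.new(:post, :html, {}, SESSION),
  post_wrong:   Request.new(:post, :js,   { authenticity_token: 'x' * 40 }, SESSION),
  post_xml:     Request.new(:post, :xml,  {}, SESSION)
}.freeze

SAMPLES.each { |name, req| puts "#{name}: #{verified_request?(req)}" }
```

The `get_no_token` and `post_xml` cases pass without any token, which is why state-changing actions must not be reachable through GET and why the set of checked formats matters when reviewing a controller.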

verify_authenticity_token ()

The actual before_filter that is used. Modify this to change how you handle unverified requests.