module ActionController::RequestForgeryProtection

def verified_request?

* Does the X-CSRF-Token header match the form_authenticity_token
* Does the form_authenticity_token match the given token value from the params?
* is it a GET request? Gets should be safe and idempotent

Returns true or false if a request is verified. Checks:

def verified_request?
  !protect_against_forgery? || request.get? ||
    form_authenticity_token == params[request_forgery_protection_token] ||
    form_authenticity_token == request.headers['X-CSRF-Token']
end

Instance Methods

# form_authenticity_param
# form_authenticity_token
# handle_unverified_request
# protect_against_forgery?
# verified_request?
# verify_authenticity_token

Modules

Classes

module ActionController::RequestForgeryProtection

def verified_request?

Instance Methods