module ActionView::Helpers::CsrfHelper
def csrf_meta_tags
+X-CSRF-Token+ HTTP header. If you are using rails-ujs, this happens automatically.
For Ajax requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
You don't need to use these tags for regular forms as they generate their own hidden fields.
:method.
These are used to generate the dynamic forms that implement non-remote links with
<%= csrf_meta_tags %>
request forgery protection parameter and token, respectively.
Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
def csrf_meta_tags if defined?(protect_against_forgery?) && protect_against_forgery? [ tag("meta", name: "csrf-param", content: request_forgery_protection_token), tag("meta", name: "csrf-token", content: form_authenticity_token) ].join("\n").html_safe end end