class Rack::Protection::RemoteReferrer
- (FTP/HTTPS/…).
Combine with NoReferrer to also block remote requests from non-HTTP pages
a different host.
Does not accept unsafe HTTP requests if the Referer [sic] header is set to
More infos - en.wikipedia.org/wiki/Cross-site_request_forgery<br>Supported browsers
- all
Prevented attack -
CSRF
#
- all
def accepts?(env)
def accepts?(env) safe?(env) or referrer(env) == Request.new(env).host end