class Rack::Protection::AuthenticityToken

Compatible with Rails and rack-csrf. included in the session. Only accepts unsafe HTTP requests if a given access token matches the token More infos

en.wikipedia.org/wiki/Cross-site_request_forgery<br>Supported browsers

all Prevented attack: CSRF
#

def accepts?(env)

def accepts?(env)
  return true if safe? env
  session = session env
  token   = session[:csrf] ||= session['_csrf_token'] || random_string
  env['HTTP_X_CSRF_TOKEN'] == token or
    Request.new(env).params['authenticity_token'] == token
end

Modules

Classes

class Rack::Protection::AuthenticityToken

def accepts?(env)

Namespace

Parent class

Instance Methods

Defined in