class Rack::Protection::FormToken
- Prevented attack - CSRF
- Supported browsers - all
- More infos - en.wikipedia.org/wiki/Cross-site_request_forgery

Only accepts submitted forms if a given access token matches the token included in the session. Does not expect such a token from Ajax requests.

This middleware is not used when using the Rack::Protection collection, since it might be a security issue, depending on your application.

Compatible with Rails and rack-csrf.
def accepts?(env)
  env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" or super
end
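
The acceptance rule described above, modelled in plain Ruby as an added example (a simplified stand-in, not rack-protection's own code). It assumes the session token is stored under `:csrf` and submitted as the form field `authenticity_token`, and it runs the FormToken-style rule next to a stricter rule without the Ajax exemption over constructed Rack env hashes.

```ruby
require "securerandom"

SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false if a.empty? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# Token check (assumed names: session key :csrf, form field "authenticity_token").
def token_matches?(env)
  expected  = env.fetch("rack.session", {})[:csrf].to_s
  submitted = env.fetch("rack.request.form_hash", {})["authenticity_token"].to_s
  secure_compare(expected, submitted)
end

# Stricter rule: every state-changing request needs the token, Ajax or not.
def strict_accepts?(env)
  SAFE_METHODS.include?(env["REQUEST_METHOD"]) || token_matches?(env)
end

# FormToken-style rule: the X-Requested-With header alone skips the token check.
def form_token_accepts?(env)
  env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" || strict_accepts?(env)
end

# Constructed Rack env for one request (not captured traffic).
def build_env(session_token, form_token: nil, ajax: false, method: "POST")
  env = { "REQUEST_METHOD" => method, "rack.session" => { csrf: session_token },
          "rack.request.form_hash" => form_token ? { "authenticity_token" => form_token } : {} }
  env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest" if ajax
  env
end

# Decision of both rules for each constructed request.
def decisions
  token = SecureRandom.hex(16)
  cases = {
    form_with_token:    build_env(token, form_token: token),
    form_without_token: build_env(token),
    form_wrong_token:   build_env(token, form_token: "x" * token.bytesize),
    ajax_without_token: build_env(token, ajax: true),
    get_without_token:  build_env(token, method: "GET")
  }
  cases.transform_values { |e| { form_token: form_token_accepts?(e), strict: strict_accepts?(e) } }
end

decisions.each { |name, d| puts format("%-20s FormToken=%-5s strict=%s", name, d[:form_token], d[:strict]) }
```

The `ajax_without_token` row is the only one where the two rules disagree: the FormToken-style rule accepts it on the `X-Requested-With` header alone, so whether that is acceptable depends on how that header can reach your application.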