class Rack::Protection::JsonCsrf
def has_vector?(request, headers)
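# Decides whether a JSON response is being served to a request that shows
# signs of coming from another site.
#
# Returns false early for XHR requests, for requests accepted by the optional
# +options[:allow_if]+ callable (called with +request.env+), and for responses
# whose Content-Type media type is not application/json.
#
# @param request [#xhr?, #env, #host] the incoming request
# @param headers [Hash] response headers; only 'Content-Type' is read
# @return [Boolean] true when the response is JSON, +origin(request.env)+ is
#   nil and +referrer(request.env)+ differs from +request.host+
def has_vector?(request, headers)
  return false if request.xhr?

  allow_if = options[:allow_if]
  return false if allow_if && allow_if.call(request.env)

  # NOTE(review): the header is looked up under the exact key 'Content-Type';
  # confirm the headers hash is not keyed in lowercase, or the check below
  # never matches and the method always returns false.
  media_type = headers['Content-Type'].to_s.split(';', 2).first

  # Media types are case-insensitive, so `Application/JSON` must be classified
  # as JSON as well; a case-sensitive match would let such a response skip the
  # check. The line anchors (^ and $) are kept from the original: they only
  # widen what counts as JSON. Regexp#match? returns false for nil, which is
  # what +first+ yields for an empty or missing header.
  return false unless %r{^\s*application/json\s*$}i.match?(media_type)

  origin(request.env).nil? && referrer(request.env) != request.host
end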