class Rack::Protection::FormToken

Compatible with rack-csrf. since it might be a security issue, depending on your application This middleware is not used when using the Rack::Protection collection, included in the session. Does not expect such a token from Ajax request. Only accepts submitted forms if a given access token matches the token More infos

en.wikipedia.org/wiki/Cross-site_request_forgery<br>Supported browsers

all Prevented attack: CSRF
#

def accepts?(env)

def accepts?(env)
  env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" or super
end

Modules

Classes

class Rack::Protection::FormToken

def accepts?(env)

Namespace

Parent class

Instance Methods

Defined in