class Rack::Protection::JsonCsrf

def has_vector?(request, headers)

def has_vector?(request, headers)
  return false if request.xhr?
  return false if options[:allow_if]&.call(request.env)
  return false unless headers['Content-Type'].to_s.split(';', 2).first =~ %r{^\s*application/json\s*$}
  origin(request.env).nil? and referrer(request.env) != request.host
end

Instance Methods