Module ActionController::RequestForgeryProtection
In: lib/action_controller/request_forgery_protection.rb

Methods

Classes and Modules

Module ActionController::RequestForgeryProtection::ClassMethods

Public Class methods

Protected Instance methods

Sets the token value for the current session. Pass a :secret option in protect_from_forgery to add a custom salt to the hash.

Returns true or false if a request is verified. Checks:

  • is the format restricted? By default, only HTML requests are checked.
  • is it a GET request? Gets should be safe and idempotent
  • Does the form_authenticity_token match the given token value from the params?

The actual before_filter that is used. Modify this to change how you handle unverified requests.

[Validate]