module MnoEnterprise::Concerns::Controllers::AngularCSRF

This module allows Angular to work well with Rails CSRF protection. It is intended for AngularJS apps served outside of the Rails asset pipeline. See

- https://technpol.wordpress.com/2014/04/17/rails4-angularjs-csrf-and-devise/
- https://technpol.wordpress.com/2014/08/22/10-adding-devise-integration-logon-and-security/

for more details.

Public Instance Methods

render_with_protection(object, parameters = {})

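JSON / JSONP XSS protection. The response body is the object's JSON prefixed with the string )]}', and a newline, so the body is not valid JavaScript on its own; AngularJS strips this prefix before parsing the response.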

# File lib/mno_enterprise/concerns/controllers/angular_csrf.rb, line 38
def render_with_protection(object, parameters = {})
  render parameters.merge(content_type: 'application/json', text: ")]}',\n" + object.to_json)
end

verified_request?()

Calls superclass method, then falls back to validating the X-XSRF-TOKEN request header as the authenticity token.

# File lib/mno_enterprise/concerns/controllers/angular_csrf.rb, line 33
def verified_request?
  super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
end
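
The following plain-Ruby model of both methods is an added example, not code from mno_enterprise or Rails. The helper names (`protected_body`, `parse_protected`, `token_matches?`, `header_verified_request?`) and the sample token are assumptions, and `token_matches?` is a simplified stand-in for Rails' `valid_authenticity_token?`, which additionally unmasks per-request tokens.

```ruby
require 'json'

# Prefix taken from render_with_protection in the listing above.
JSON_PREFIX = ")]}',\n"

# Server side: build the body the same way render_with_protection does.
def protected_body(object)
  JSON_PREFIX + object.to_json
end

# Client side: strip the prefix before parsing, as AngularJS does.
def parse_protected(body)
  body = body[JSON_PREFIX.length..-1] if body.start_with?(JSON_PREFIX)
  JSON.parse(body)
end

# Constant-time comparison, so timing does not reveal how many leading bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Simplified stand-in (assumption) for Rails' valid_authenticity_token?.
# Real Rails also unmasks per-request tokens; here the session token is compared directly.
def token_matches?(session, submitted)
  expected = session[:_csrf_token]
  return false if expected.nil? || submitted.nil? || submitted.empty?
  secure_compare(expected, submitted)
end

# Mirrors verified_request?: the superclass result OR a valid X-XSRF-TOKEN header.
def header_verified_request?(session, headers, super_result = false)
  super_result || token_matches?(session, headers['X-XSRF-TOKEN'])
end

if __FILE__ == $PROGRAM_NAME
  session = { _csrf_token: 'constructed-sample-token' } # constructed sample value
  body = protected_body({ 'id' => 1 })
  puts body.inspect
  puts parse_protected(body).inspect
  puts header_verified_request?(session, { 'X-XSRF-TOKEN' => 'constructed-sample-token' })
  puts header_verified_request?(session, {})
end
```

A plain `JSON.parse` of the prefixed body raises `JSON::ParserError`, which is why any non-Angular consumer of these endpoints has to strip the prefix explicitly.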