module MnoEnterprise::Concerns::Controllers::AngularCSRF
This module allows AngularJS to work with Rails CSRF protection. It is intended for AngularJS apps served outside of the Rails asset pipeline. See
- https://technpol.wordpress.com/2014/04/17/rails4-angularjs-csrf-and-devise/
- https://technpol.wordpress.com/2014/08/22/10-adding-devise-integration-logon-and-security/
for more details.
Public Instance Methods
render_with_protection(object, parameters = {})
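JSON / JSONP XSS protection: renders the object as JSON behind the )]}', prefix, which AngularJS strips before parsing the response.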
# File lib/mno_enterprise/concerns/controllers/angular_csrf.rb, line 38
def render_with_protection(object, parameters = {})
  render parameters.merge(content_type: 'application/json', text: ")]}',\n" + object.to_json)
end
verified_request?()
Calls superclass method
# File lib/mno_enterprise/concerns/controllers/angular_csrf.rb, line 33
def verified_request?
  super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
end
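The two behaviours above, modelled with the Ruby standard library only so they can be run without Rails. This is an added example, not code from mno_enterprise: the helper names and sample values are hypothetical, and the token check is a simplification (Rails compares masked, per-request tokens, which this sketch does not reproduce).

```ruby
require 'json'
require 'securerandom'

# Prefix written by render_with_protection; AngularJS strips it before parsing.
JSON_PREFIX = ")]}',\n"

# Server side: the body that goes on the wire.
def protected_body(object)
  JSON_PREFIX + object.to_json
end

# Client side (hypothetical helper): strip the prefix if present, then parse.
def parse_protected(body)
  JSON.parse(body.delete_prefix(JSON_PREFIX))
end

# A consumer that does not know the prefix cannot parse the body at all.
def raw_parse_fails?(body)
  JSON.parse(body)
  false
rescue JSON::ParserError
  true
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def token_matches?(expected, candidate)
  a = expected.to_s
  b = candidate.to_s
  return false if a.empty? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified model of verified_request?: the usual form token is tried first
# (the "super" part), then the X-XSRF-TOKEN header that AngularJS sends.
def verified_request?(method:, session_token:, form_token: nil, headers: {})
  return true if %w[GET HEAD].include?(method)
  token_matches?(session_token, form_token) ||
    token_matches?(session_token, headers['X-XSRF-TOKEN'])
end

if __FILE__ == $PROGRAM_NAME
  token = SecureRandom.hex(16) # constructed sample token
  body  = protected_body('id' => 1)
  puts "wire body:    #{body.inspect}"
  puts "parsed:       #{parse_protected(body)}"
  puts "with header:  #{verified_request?(method: 'POST', session_token: token, headers: { 'X-XSRF-TOKEN' => token })}"
  puts "no token:     #{verified_request?(method: 'POST', session_token: token)}"
end
```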