class Pakyow::Security::CSRF::VerifyAuthenticityToken
Protects against Cross-Site Request Forgery (CSRF). See www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Requires a valid token be passed as a request parameter. The token consists of a client id (unique to the request) and a digest generated from the client id and the server id stored in the session.
@see Pakyow::Support::MessageVerifier
Public Instance Methods
allowed?(connection)
# File lib/pakyow/security/csrf/verify_authenticity_token.rb, line 20
def allowed?(connection)
  connection.verifier.verify(connection.params[connection.app.config.security.csrf.param])
end
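The token scheme described above (a per-request client id plus a digest over the client id and the session's server id) can be sketched as follows. This is an added example, not Pakyow's code or the Pakyow::Support::MessageVerifier implementation; the module name, the "--" separator, the hex encoding and the use of HMAC-SHA256 are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical sketch of a client-id + digest CSRF token (not Pakyow's verifier).
module CsrfTokenSketch
  SEPARATOR = "--" # assumed delimiter; hex strings never contain "-"

  # Server id: a per-session secret kept in the session, never rendered into the page.
  def self.new_server_id
    SecureRandom.hex(32)
  end

  # Issue a token: a fresh client id plus HMAC-SHA256 keyed with the server id.
  def self.issue(server_id)
    client_id = SecureRandom.hex(16)
    "#{client_id}#{SEPARATOR}#{digest(server_id, client_id)}"
  end

  # True only when the submitted digest matches the one recomputed for this session.
  def self.valid?(server_id, token)
    return false unless token.is_a?(String)
    client_id, sent, extra = token.split(SEPARATOR, 3)
    return false if client_id.nil? || client_id.empty? || sent.nil? || !extra.nil?
    secure_equal?(sent, digest(server_id, client_id))
  end

  def self.digest(server_id, client_id)
    OpenSSL::HMAC.hexdigest("SHA256", server_id, client_id)
  end

  # Constant-time comparison so response timing does not reveal how many bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  session = { server_id: CsrfTokenSketch.new_server_id } # constructed sample session
  token = CsrfTokenSketch.issue(session[:server_id])
  puts "same session:  #{CsrfTokenSketch.valid?(session[:server_id], token)}"
  puts "other session: #{CsrfTokenSketch.valid?(CsrfTokenSketch.new_server_id, token)}"
end
```

A token minted for one session fails verification in any other session because the digest is keyed with that session's server id, which a cross-site request cannot read.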