class Pakyow::Security::CSRF::VerifyAuthenticityToken

Protects against Cross-Site Request Forgery (CSRF). See www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Requires a valid token be passed as a request parameter. The token consists of a client id (unique to the request) and a digest generated from the client id and the server id stored in the session.

@see Pakyow::Support::MessageVerifier
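
The token scheme described above, as an added sketch that is not Pakyow's own code. The module and method names are hypothetical, and the HMAC-SHA256 digest, hex encoding and "--" separator are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Illustrative sketch only: names are hypothetical, and HMAC-SHA256 with a
# "--" separator is an assumed construction, not Pakyow's implementation.
module CsrfTokenSketch
  SEPARATOR = "--"

  # The server id is a per-session secret; it stays in the session store
  # and is never sent to the browser on its own.
  def self.new_server_id
    SecureRandom.hex(32)
  end

  # Token = client id + digest(client id, server id).
  # A fresh client id is generated for every token issued.
  def self.issue(server_id)
    client_id = SecureRandom.hex(16)
    [client_id, digest(client_id, server_id)].join(SEPARATOR)
  end

  # True only when the digest carried in the token equals the digest
  # recomputed from the server id held in the current session.
  # Missing, malformed or over-long tokens are rejected, not raised on.
  def self.valid?(token, server_id)
    return false unless token.is_a?(String) && server_id.is_a?(String)

    client_id, given, extra = token.split(SEPARATOR, 3)
    return false if client_id.nil? || client_id.empty? || given.nil? || !extra.nil?

    # Timing-safe comparison so the check does not leak how many leading
    # characters of a guessed digest were correct.
    OpenSSL.secure_compare(given, digest(client_id, server_id))
  end

  # Keyed digest: without the session's server id an attacker's page
  # cannot compute a matching value for any client id it picks.
  def self.digest(client_id, server_id)
    OpenSSL::HMAC.hexdigest("SHA256", server_id, client_id)
  end
end
```

A token issued under one session fails verification under any other, which is what stops a cross-site page from supplying a usable value.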

Public Instance Methods

allowed?(connection)
# File lib/pakyow/security/csrf/verify_authenticity_token.rb, line 20
def allowed?(connection)
  connection.verifier.verify(connection.params[connection.app.config.security.csrf.param])
end