class Rack::Protection::FormToken
- Prevented attack: CSRF
- Supported browsers: all
- More infos:
Only accepts submitted forms if a given access token matches the token included in the session. Does not expect such a token from Ajax requests.
This middleware is not enabled when you use the Rack::Protection collection, since it might be a security issue, depending on your application.
Compatible with rack-csrf.
Public Instance Methods
accepts?(env)
Calls superclass method Rack::Protection::AuthenticityToken#accepts?
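  # File lib/rack/protection/form_token.rb, line 20
  def accepts?(env)
    # Requests marked as Ajax via X-Requested-With skip the token check;
    # everything else is decided by AuthenticityToken#accepts?.
    env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' or super
  end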
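The accept decision this method makes, next to a token-only check, as an added example that is not rack-protection's own code. `token_matches?` is a simplified stand-in for the superclass check, and the `example.form_token` env key and the `:csrf` session key are assumptions made for illustration.

```ruby
require 'securerandom'

# Simplified stand-in for the superclass token check (assumption: the real
# AuthenticityToken#accepts? does more; this only compares two strings).
def token_matches?(env)
  expected = env.dig('rack.session', :csrf).to_s
  given    = env['example.form_token'].to_s # hypothetical key for the submitted token
  return false if expected.empty? || expected.bytesize != given.bytesize

  # Compare every byte so timing does not depend on where a mismatch occurs.
  expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Same decision as FormToken#accepts?: an Ajax marker header is enough,
# otherwise the token has to match.
def form_token_accepts?(env)
  env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' or token_matches?(env)
end

# Constructed sample requests, reduced to the env keys the checks read.
TOKEN   = SecureRandom.hex(16)
SESSION = { csrf: TOKEN }.freeze

def sample_env(token: nil, xhr: false)
  env = { 'rack.session' => SESSION }
  env['example.form_token'] = token if token
  env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' if xhr
  env
end

# Decision for each request shape: FormToken behaviour, plus the token-only
# result for the Ajax case so the difference is visible.
def decisions
  {
    form_with_token:         form_token_accepts?(sample_env(token: TOKEN)),
    form_with_wrong_token:   form_token_accepts?(sample_env(token: 'x' * 32)),
    form_without_token:      form_token_accepts?(sample_env),
    ajax_without_token:      form_token_accepts?(sample_env(xhr: true)),
    ajax_token_only_check:   token_matches?(sample_env(xhr: true))
  }
end

decisions.each { |name, accepted| puts format('%-24s %s', name, accepted) }
```

The `ajax_without_token` row is the case the note about the Rack::Protection collection refers to: the request is accepted on the header alone, so an application that relies on this middleware is trusting that the header cannot be set by a cross-site request.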