class Rack::Protection::RemoteReferrer

Prevented attack

CSRF

Supported browsers

all

More infos

en.wikipedia.org/wiki/Cross-site_request_forgery

Does not accept unsafe HTTP requests if the Referer [sic] header is set to a different host.

Public Instance Methods

accepts?(env) click to toggle source
# File lib/rack/protection/remote_referrer.rb, line 17
def accepts?(env)
  safe?(env) or referrer(env) == Request.new(env).host
end