
Class: Rack::Protection::FormToken

Relationships & Source Files
Inherits: Rack::Protection::AuthenticityToken
Defined in: rack-protection/lib/rack/protection/form_token.rb

Overview

Prevented attack: CSRF
Supported browsers: all
More info: http://en.wikipedia.org/wiki/Cross-site_request_forgery

Only accepts submitted forms if a given access token matches the token included in the session. Does not expect such a token from Ajax requests.

This middleware is not used when using the ::Rack::Protection collection, since it might be a security issue, depending on your application.

Compatible with rack-csrf.

Constant Summary

Base - Inherited

DEFAULT_OPTIONS

AuthenticityToken - Inherited

GLOBAL_TOKEN_IDENTIFIER, TOKEN_LENGTH

Class Method Summary

Instance Attribute Summary

Base - Inherited

Instance Method Summary

Constructor Details

This class inherits a constructor from Rack::Protection::Base

Instance Method Details

#accepts?(env) ⇒ Boolean

# File 'rack-protection/lib/rack/protection/form_token.rb', line 20

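# Accepts any request whose X-Requested-With header is 'XMLHttpRequest'
# without a token check; every other request goes to the inherited check.
def accepts?(env)
  env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' or super
end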
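
The decision logic above as a stand-alone model (an added example, not the gem's code): the parent class is replaced by a simplified stand-in, and the session key `:csrf`, the form field `authenticity_token` and the `model.form` env key are assumptions made for illustration. It compares what the strict token check and the FormToken override decide for three constructed POST requests, which is the behaviour to weigh before enabling this middleware.

```ruby
require 'securerandom'
require 'digest'

# Simplified stand-in for the inherited token check; not the gem's code.
# Assumed names: session key :csrf, form field 'authenticity_token',
# and the 'model.form' env key holding already-parsed form fields.
class ModelAuthenticityToken
  def accepts?(env)
    expected  = env.fetch('rack.session', {})[:csrf]
    submitted = env.fetch('model.form', {})['authenticity_token']
    same_token?(expected, submitted)
  end

  private

  # Compare fixed-length digests without an early exit on mismatch.
  def same_token?(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (i, j)| acc | (i ^ j) }.zero?
  end
end

# Same override as the accepts? method shown on this page.
class ModelFormToken < ModelAuthenticityToken
  def accepts?(env)
    env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' or super
  end
end

TOKEN = SecureRandom.hex(16) # constructed session token

# Build a constructed POST env with the given form fields and headers.
def sample_env(form = {}, headers = {})
  { 'REQUEST_METHOD' => 'POST', 'rack.session' => { csrf: TOKEN },
    'model.form' => form }.merge(headers)
end

# Returns [strict parent decision, FormToken decision] per request.
def decisions
  xhr = { 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest' }
  envs = { valid_form: sample_env({ 'authenticity_token' => TOKEN }),
           no_token: sample_env, no_token_xhr: sample_env({}, xhr) }
  envs.transform_values do |e|
    [ModelAuthenticityToken.new.accepts?(e), ModelFormToken.new.accepts?(e)]
  end
end
```

Only the third request differs between the two classes: the header alone satisfies FormToken, while the strict check still requires the token.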