Class: Rack::Protection::FormToken
Relationships & Source Files | |
Super Chains via Extension / Inclusion / Inheritance | |
Class Chain:
self,
AuthenticityToken ,
Base
|
|
Instance Chain:
self,
AuthenticityToken ,
Base
|
|
Inherits: |
Rack::Protection::AuthenticityToken
|
Defined in: | rack-protection/lib/rack/protection/form_token.rb |
Overview
Prevented attack:: CSRF Supported browsers:: all More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
Only accepts submitted forms if a given access token matches the token included in the session. Does not expect such a token from Ajax request.
This middleware is not used when using the ::Rack::Protection
collection,
since it might be a security issue, depending on your application
Compatible with rack-csrf.
Constant Summary
Base
- Inherited
AuthenticityToken
- Inherited
Class Method Summary
AuthenticityToken
- Inherited
Base
- Inherited
Instance Attribute Summary
Instance Method Summary
AuthenticityToken
- Inherited
#accepts?, #mask_authenticity_token, #compare_with_global_token, #compare_with_per_form_token, #compare_with_real_token, #decode_token, #encode_token, #global_token, | |
#mask_token | Creates a masked version of the authenticity token that varies on each request. |
#masked_token?, #per_form_token, #real_token, #set_token, #token_hmac, | |
#unmask_token | Essentially the inverse of |
#unmasked_token?, | |
#valid_token? | Checks the client's masked token to see if it matches the session token. |
#xor_byte_strings |
Base
- Inherited
#accepts?, #call, #debug, #default_options, | |
#default_reaction | Alias for Base#deny. |
#deny, #drop_session, #encrypt, #html?, #instrument, #origin, #random_string, #react, #referrer, #report, #safe?, #secure_compare, #session, #session?, #warn |
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#accepts?(env) ⇒ Boolean
# File 'rack-protection/lib/rack/protection/form_token.rb', line 20
def accepts?(env) env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' or super end