Class: Rack::Protection::RemoteToken
Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain: self, AuthenticityToken, Base
Instance Chain: self, AuthenticityToken, Base
Inherits: Rack::Protection::AuthenticityToken
Defined in: rack-protection/lib/rack/protection/remote_token.rb
Overview
Prevented attack:: CSRF
Supported browsers:: all
More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
Only accepts unsafe HTTP requests if a given access token matches the token included in the session or the request comes from the same origin.
Compatible with rack-csrf.
Constant Summary
Base
- Inherited
AuthenticityToken
- Inherited
Class Method Summary
AuthenticityToken
- Inherited
Base
- Inherited
Instance Attribute Summary
Instance Method Summary
AuthenticityToken
- Inherited
#accepts?, #mask_authenticity_token, #compare_with_global_token, #compare_with_per_form_token, #compare_with_real_token, #decode_token, #encode_token, #global_token,
#mask_token: Creates a masked version of the authenticity token that varies on each request.
#masked_token?, #per_form_token, #real_token, #set_token, #token_hmac,
#unmask_token: Essentially the inverse of
#unmasked_token?,
#valid_token?: Checks the client's masked token to see if it matches the session token.
#xor_byte_strings
Base
- Inherited
#accepts?, #call, #debug, #default_options,
#default_reaction: Alias for Base#deny.
#deny, #drop_session, #encrypt, #html?, #instrument, #origin, #random_string, #react, #referrer, #report, #safe?, #secure_compare, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#accepts?(env) ⇒ Boolean
# File 'rack-protection/lib/rack/protection/remote_token.rb', line 19
def accepts?(env)
  super or referrer(env) == Request.new(env).host
end
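The acceptance rule from the overview and #accepts?, as an added stand-alone Ruby model (not rack-protection's own code). It assumes that referrer yields the host of the Referer header, that the token arrives unmasked in an X-CSRF-Token header, and that GET/HEAD/OPTIONS/TRACE are the safe methods; every env value is constructed.

```ruby
require 'uri'
SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze
SESSION_TOKEN = 'constructed-session-token' # constructed sample value

# Constant-time string comparison (stand-in for the library's own helper).
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Host part of the Referer header, or nil when absent or unparsable.
def referrer_host(env)
  ref = env['HTTP_REFERER'].to_s
  ref.empty? ? nil : URI.parse(ref).host
rescue URI::InvalidURIError
  nil
end

# Simplified token check: raw session token against a request header.
def token_ok?(env)
  expected = env.fetch('rack.session', {})[:csrf].to_s
  !expected.empty? && secure_compare(expected, env['HTTP_X_CSRF_TOKEN'].to_s)
end

# Model of the decision: safe verb, valid token, or Referer host == request host.
def accepts?(env)
  return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
  host = env['HTTP_HOST'].to_s.split(':').first
  ref  = referrer_host(env)
  token_ok?(env) || (!ref.nil? && ref == host)
end

# Constructed Rack-style env for a request to shop.example:8443.
def sample_env(verb, referer: nil, token: nil)
  { 'REQUEST_METHOD' => verb, 'HTTP_HOST' => 'shop.example:8443',
    'HTTP_REFERER' => referer, 'HTTP_X_CSRF_TOKEN' => token,
    'rack.session' => { csrf: SESSION_TOKEN } }
end

def decisions
  other = 'https://other.example/form'
  { get_cross_site:   accepts?(sample_env('GET', referer: other)),
    post_with_token:  accepts?(sample_env('POST', referer: other, token: SESSION_TOKEN)),
    post_same_host:   accepts?(sample_env('POST', referer: 'https://shop.example:8443/cart')),
    post_other_port:  accepts?(sample_env('POST', referer: 'http://shop.example:8080/x')),
    post_cross_site:  accepts?(sample_env('POST', referer: other)),
    post_no_referer:  accepts?(sample_env('POST')) }
end
decisions.each { |name, ok| puts format('%-16s %s', name, ok ? 'accept' : 'deny') }
```

In this model post_other_port is accepted because only host names are compared, so scheme and port do not enter the same-origin decision.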