handle_unverified_request() Instance Public methods This is the method that defines the application behavior when a request is found to be unverified.

new(controller) Class Public methods

handle_unverified_request() Instance Public methods

form_authenticity_param() Instance Protected methods The form's authenticity parameter. Override to provide your own.

form_authenticity_token() Instance Protected methods Sets the token value for the current session.

handle_unverified_request() Instance Protected methods

mark_for_same_origin_verification!() Instance Protected methods GET requests are checked for cross-origin JavaScript after rendering.

marked_for_same_origin_verification?() Instance Protected methods If the `verify_authenticity_token` before_action ran, verify that JavaScript responses are only served to same-origin GET requests.

non_xhr_javascript_response?() Instance Protected methods Check for cross-origin JavaScript responses.

protect_against_forgery?() Instance Protected methods Checks if the controller allows forgery protection.