verified_request?() Instance Protected methods Returns true or false if a request is verified. Checks: is it a GET or HEAD request? Gets should be safe and idempotent Does the #form_authenticity_token match the given token value from the params? Does the X-CSRF-Token header match the #form_authenticity_token

verify_authenticity_token() Instance Protected methods The actual before_action that is used to verify the CSRF token. Don't override this directly. Provide your own forgery protection strategy instead. If you override, you'll disable same-origin `<script>` verification. Lean on the protect_from_forgery declaration to mark which actions are due for same-origin request verification. If protect_from_forgery is enabled on an action, this before_action flags its after_action to v

verify_same_origin_request() Instance Protected methods If `verify_authenticity_token` was run (indicating that we have forgery protection enabled for this request) then also verify that we aren't serving an unauthorized cross-origin response.

rescue_with_handler(exception) Instance Public methods

show_detailed_exceptions?() Instance Public methods Override this method if you want to customize when detailed exceptions must be shown. This method is only called when consider_all_requests_local is false. By default, it returns false, but someone may set it to `request.local?` so local requests in production still shows the detailed exception pages.

call(*args) Class Public methods Initializes a new responder and invokes the proper format. If the format is not defined, call to_format.

new(controller, resources, options={}) Class Public methods

respond() Instance Public methods Main entry point for responder responsible to dispatch to the proper format.

to_format() Instance Public methods All other formats follow the procedure below. First we try to render a template, if the template is not available, we verify if the resource responds to :to_format and display it.

to_html() Instance Public methods HTML format does not render the resource, it always attempt to render a template.