verify_authenticity_token

verify_authenticity_token()
Instance Protected methods

The actual before_action that is used to verify the CSRF token. Don't override this directly. Provide your own forgery protection strategy instead. If you override, you'll disable same-origin `<script>` verification.

Lean on the protect_from_forgery declaration to mark which actions are due for same-origin request verification. If protect_from_forgery is enabled on an action, this before_action flags its after_action to verify that JavaScript responses are for XHR requests, ensuring they follow the browser's same-origin policy.
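The flow described above, as an added plain-Ruby model that is not Rails source and not part of the original documentation: the before_action both checks the token and marks the request for the after_action's JavaScript check, so a custom strategy keeps that check while a direct override loses it. The `Request` struct, `LogAndReject`, `ModelController`, `OverridingController` and the return symbols are hypothetical names; it is also an assumption of the model that only GET requests are marked and that GET/HEAD skip the token check.

```ruby
# Plain-Ruby model of the flow described above; illustrative names, not Rails source.
Request = Struct.new(:verb, :xhr, :token, keyword_init: true)

# Hypothetical custom strategy: records the verb and rejects the request.
class LogAndReject
  attr_reader :rejected
  def handle_unverified_request(req)
    (@rejected ||= []) << req.verb
    :rejected
  end
end

class ModelController
  class CrossOriginScript < StandardError; end
  def initialize(session_token, strategy)
    @session_token, @strategy = session_token, strategy
  end

  # Models the before_action: mark GETs for the after-check, then verify the token.
  def verify_authenticity_token(req)
    @marked = (req.verb == "GET")
    return :ok if %w[GET HEAD].include?(req.verb) || token_valid?(req.token)
    @strategy.handle_unverified_request(req)
  end

  # Models the after_action: a marked request may only receive JavaScript over XHR.
  def verify_same_origin_request(req, content_type)
    return :ok unless @marked && content_type.start_with?("text/javascript") && !req.xhr
    raise CrossOriginScript, "JavaScript response to a non-XHR GET"
  end

  def process(req, content_type)
    result = verify_authenticity_token(req)
    result == :ok ? verify_same_origin_request(req, content_type) : result
  end

  # Constant-time comparison of the submitted token with the session token.
  private def token_valid?(token)
    return false unless token.is_a?(String) && token.bytesize == @session_token.bytesize
    token.bytes.zip(@session_token.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Overriding the before_action directly skips the marking step, so the after-check never fires.
class OverridingController < ModelController
  def verify_authenticity_token(_req)
    :ok
  end
end
```

In the model, a non-XHR GET answered with `text/javascript` raises in `ModelController` but passes silently in `OverridingController`, which is the loss of same-origin `<script>` verification the documentation warns about.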

doc_ruby_on_rails
2015-06-20 00:00:00