csrf_meta_tags

csrf_meta_tags()

Instance Public methods

Returns meta tags âcsrf-paramâ and âcsrf-tokenâ with the name of the cross-site request forgery protection parameter and token, respectively.

<head>
  <%= csrf_meta_tags %>
</head>

These are used to generate the dynamic forms that implement non-remote links with :method.

You don't need to use these tags for regular forms as they generate their own hidden fields.

For AJAX requests other than GETs, extract the âcsrf-tokenâ from the meta-tag and send as the âX-CSRF-Tokenâ HTTP header. If you are using jQuery with jquery-rails this happens automatically.

csrf_meta_tag

Links:

https://github.com/rails/rails/blob/08525e3ef172873a5fa525b27f445012d9e226c3/actionview/lib/action_view/helpers/csrf_helper.rb#L20

doc_ruby_on_rails

2015-06-20 00:00:00

Comments