method

verified_request?

v3.1.0 - Show latest stable - 0 notes - Class: ActionController::RequestForgeryProtection

1.0.0
1.1.0
1.1.1
1.1.6
1.2.0
1.2.6
2.0.0 (0)
2.0.1 (0)
2.0.3 (0)
2.1.0 (0)
2.2.1 (0)
2.3.2 (-4)
2.3.8 (-34)
3.0.0 (0)
3.0.5 (-30)
3.0.7 (0)
3.0.9 (-38)
3.1.0 (-4)
3.2.1 (0)
3.2.3 (0)
3.2.8 (0)
3.2.13 (0)
What's this?

verified_request?() protected

Returns true or false if a request is verified. Checks:

is it a GET request? Gets should be safe and idempotent
Does the form_authenticity_token match the given token value from the params?
Does the X-CSRF-Token header match the form_authenticity_token

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 92
      def verified_request?
        !protect_against_forgery? || request.get? ||
          form_authenticity_token == params[request_forgery_protection_token] ||
          form_authenticity_token == request.headers['X-CSRF-Token']
      end

verified_request?

Related methods

Flowdock - Team Inbox With Chat