method

allow_request_origin?

Importance_0
Ruby on Rails latest stable (v6.1.7.7) - 0 notes - Class: Base
allow_request_origin?() private

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

Hide source
# File actioncable/lib/action_cable/connection/base.rb, line 201
        def allow_request_origin?
          return true if server.config.disable_request_forgery_protection

          proto = Rack::Request.new(env).ssl? ? "https" : "http"
          if server.config.allow_same_origin_as_host && env["HTTP_ORIGIN"] == "#{proto}://#{env['HTTP_HOST']}"
            true
          elsif Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env["HTTP_ORIGIN"] }
            true
          else
            logger.error("Request origin not allowed: #{env['HTTP_ORIGIN']}")
            false
          end
        end
Register or log in to add new notes.