RSpec
Ruby on Rails
Ruby
method
verify_authenticity_token
Ruby on Rails latest stable (v7.1.3.2)
-
0 notes -
Class: ActionController::RequestForgeryProtection
-
included
(<= v2.3.8)
-
new
-
any_authenticity_token_valid?
-
authenticity_token_from_coo...
(<= v2.2.1)
-
authenticity_token_from_ses...
(<= v2.2.1)
-
commit_csrf_token
-
compare_with_global_token
-
compare_with_real_token
-
csrf_token_hmac
-
decode_csrf_token
-
encode_csrf_token
-
form_authenticity_param
-
form_authenticity_token
-
generate_csrf_token
-
global_csrf_token
-
handle_unverified_request
-
marked_for_same_origin_veri...
-
mark_for_same_origin_verifi...
-
masked_authenticity_token
-
mask_token
-
non_xhr_javascript_response?
-
normalize_action_path
-
per_form_csrf_token
-
protect_against_forgery?
-
protect_from_forgery
(<= v3.0.0)
-
real_csrf_token
-
request_authenticity_tokens
-
reset_csrf_token
-
unmask_token
-
unverified_request_warning_...
-
valid_authenticity_token?
-
valid_per_form_csrf_token?
-
valid_request_origin?
-
verifiable_request_format?
(<= v2.3.8)
-
verified_request?
-
verify_authenticity_token
-
verify_same_origin_request
-
xor_byte_strings
= private
= protected
verify_authenticity_token()
private
The actual before_action that is used to verify the CSRF token. Don’t override this directly. Provide your own forgery protection strategy instead. If you override, you’ll disable same-origin <script> verification.
Lean on the protect_from_forgery declaration to mark which actions are due for same-origin request verification. If protect_from_forgery is enabled on an action, this before_action flags its after_action to verify that JavaScript responses are for XHR requests, ensuring they follow the browser’s same-origin policy.
