method

verified_request?

v2.2.1 - Show latest stable - 0 notes - Class: ActionController::RequestForgeryProtection

1.0.0
1.1.6
1.2.6
2.0.3 (0)
2.1.0 (0)
2.2.1 (0)
2.3.8 (-21)
3.0.0 (0)
3.0.9 (-38)
3.1.0 (-2)
3.2.1 (0)
3.2.8 (0)
3.2.13 (0)
4.0.2 (17)
4.1.8 (0)
4.2.1 (0)
4.2.7 (0)
4.2.9 (0)
5.0.0.1 (0)
5.1.7 (0)
5.2.3 (0)
6.0.0 (0)
6.1.3.1 (0)
6.1.7.7 (0)
7.0.0 (0)
7.1.3.2 (4)
7.1.3.4 (0)
7.2.3 (21)
8.0.0 (0)
8.1.1 (0)
What's this?

verified_request?() protected

Returns true or false if a request is verified. Checks:

is the format restricted? By default, only HTML and AJAX requests are checked.
is it a GET request? Gets should be safe and idempotent
Does the form_authenticity_token match the given _token value from the params?

# File actionpack/lib/action_controller/request_forgery_protection.rb, line 94
      def verified_request?
        !protect_against_forgery?     ||
          request.method == :get      ||
          !verifiable_request_format? ||
          form_authenticity_token == params[request_forgery_protection_token]
      end

verified_request?

Related methods