csrf_meta_tags() public

Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.

<head>
  <%= csrf_meta_tags %>
</head>

These are used to generate the dynamic forms that implement non-remote links with :method.

Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, so they do not use these tags.

Show source
Register or log in to add new notes.
July 25, 2013
0 thanks