method
csrf_meta_tags
v3.2.8
Class: ActionView::Helpers::CsrfHelper
csrf_meta_tags()
public
Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.
  <head>
    <%= csrf_meta_tags %>
  </head>
These are used to generate the dynamic forms that implement non-remote links with :method.
Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, so they do not use these tags.
gwshaw -
July 25, 2013
0 thanks
Ajax calls no longer whitelisted
As of Rails 3.0.4 and 2.3.11, Ajax calls are no longer whitelisted.
See: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/
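Added example, not part of the original documentation or of the note above: how client-side script can consume the two tags, both for the dynamic forms the description mentions and for Ajax requests that must now carry the token in the X-CSRF-Token header. The function names, the stub document and the sample values are assumptions made for this example.

```javascript
// Added example. In a browser pass `document`; stubDocument() is a constructed
// stand-in so the code also runs under Node.
function stubDocument(metas) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      const content = m ? metas[m[1]] : undefined;
      return content === undefined ? null : { getAttribute: () => content };
    },
  };
}

// Read the two tags that csrf_meta_tags writes into <head>.
function readCsrfMeta(doc) {
  const pick = (name) => {
    const el = doc.querySelector(`meta[name="${name}"]`);
    return el ? el.getAttribute("content") : null;
  };
  return { param: pick("csrf-param"), token: pick("csrf-token") };
}

// Hidden field for a dynamically generated form (non-remote link with :method).
function csrfFormField(doc) {
  const { param, token } = readCsrfMeta(doc);
  return param && token ? { name: param, value: token } : null;
}

// Headers for an Ajax request. This example skips GET/HEAD and any request
// whose origin differs from the page, so the token never leaves the site.
function csrfHeaders(doc, method, targetUrl, pageUrl) {
  const verb = String(method).toUpperCase();
  if (verb === "GET" || verb === "HEAD") return {};
  if (new URL(targetUrl, pageUrl).origin !== new URL(pageUrl).origin) return {};
  const { token } = readCsrfMeta(doc);
  return token ? { "X-CSRF-Token": token } : {};
}

// Constructed sample values; a real token is generated per session by Rails.
const sampleDoc = stubDocument({
  "csrf-param": "authenticity_token",
  "csrf-token": "CONSTRUCTED-TOKEN-VALUE",
});
const samplePage = "https://app.example.test/posts";
console.log(csrfFormField(sampleDoc));
console.log(csrfHeaders(sampleDoc, "delete", "/posts/1", samplePage));
console.log(csrfHeaders(sampleDoc, "post", "https://other.example.test/x", samplePage));
```

The same-origin check matters because a token attached to a cross-origin request is disclosed to that other site.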