method

verified_request?

v4.0.2 - Show latest stable - Class: ActionController::RequestForgeryProtection

verified_request?()

protected

Returns true or false if a request is verified. Checks:

is it a GET or HEAD request? Gets should be safe and idempotent
Does the form_authenticity_token match the given token value from the params?
Does the X-CSRF-Token header match the form_authenticity_token

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 186
      def verified_request?
        !protect_against_forgery? || request.get? || request.head? ||
          form_authenticity_token == params[request_forgery_protection_token] ||
          form_authenticity_token == request.headers['X-CSRF-Token']
      end

verified_request?

Related methods