csrf_meta_tags
csrf_meta_tags()
public
Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.
<head>
  <%= csrf_meta_tags %>
</head>
These are used to generate the dynamic forms that implement non-remote links with :method.
Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, so they do not use these tags.
Ajax calls no longer whitelisted
As of Rails 3.0.4 and 2.3.11, Ajax calls are no longer whitelisted.
See: http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/
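How client-side code can consume the two meta tags, covering both the dynamic form for a non-remote link with :method and the Ajax case from the note above. This is an added example, not code from Rails or its JavaScript driver. The helper names, the sample token, the origin https://app.example and the stand-in for `document` are assumptions; `_method`, `authenticity_token` and the `X-CSRF-Token` header are the names Rails uses.

```javascript
// Added example: consuming the tags emitted by csrf_meta_tags on the client.
// `doc` is anything with querySelector(); in a browser pass `document`.
function readCsrfMeta(doc) {
  const content = (name) => {
    const el = doc.querySelector(`meta[name="${name}"]`);
    return el ? el.getAttribute('content') : null;
  };
  return { param: content('csrf-param'), token: content('csrf-token') };
}

const escapeAttr = (s) => String(s)
  .replace(/&/g, '&amp;').replace(/"/g, '&quot;')
  .replace(/</g, '&lt;').replace(/>/g, '&gt;');

function sameOrigin(url, origin) {
  try { return new URL(url, origin).origin === origin; } catch { return false; }
}

// Markup of the hidden form submitted for a non-remote link with :method.
function methodFormHtml(href, method, csrf, origin) {
  let fields = `<input type="hidden" name="_method" value="${escapeAttr(method)}">`;
  // Only same-origin targets get the token, so it is never sent to another site.
  if (csrf.param && csrf.token && sameOrigin(href, origin)) {
    fields += `<input type="hidden" name="${escapeAttr(csrf.param)}" value="${escapeAttr(csrf.token)}">`;
  }
  return `<form method="post" action="${escapeAttr(href)}">${fields}</form>`;
}

// Headers for an Ajax request: the token travels in X-CSRF-Token, same-origin only.
function ajaxHeaders(url, csrf, origin) {
  return csrf.token && sameOrigin(url, origin) ? { 'X-CSRF-Token': csrf.token } : {};
}

// Constructed stand-in for `document`; the token contains quotes to exercise escaping.
const sampleMeta = { 'csrf-param': 'authenticity_token', 'csrf-token': 'SAMPLE+token/"1"==' };
const fakeDoc = {
  querySelector(sel) {
    const m = /^meta\[name="([^"]+)"\]$/.exec(sel);
    const value = m && sampleMeta[m[1]];
    return value ? { getAttribute: () => value } : null;
  },
};
const ORIGIN = 'https://app.example';
const csrf = readCsrfMeta(fakeDoc);
console.log(methodFormHtml('/posts/1', 'delete', csrf, ORIGIN));
console.log(ajaxHeaders('https://other.example/api', csrf, ORIGIN));
```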