method

verify_same_origin_request

v4.2.1 - Show latest stable - Class: ActionController::RequestForgeryProtection

verify_same_origin_request()

protected

If `verify_authenticity_token` was run (indicating that we have forgery protection enabled for this request) then also verify that we aren’t serving an unauthorized cross-origin response.

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 222
      def verify_same_origin_request
        if marked_for_same_origin_verification? && non_xhr_javascript_response?
          logger.warn CROSS_ORIGIN_JAVASCRIPT_WARNING if logger
          raise ActionController::InvalidCrossOriginRequest, CROSS_ORIGIN_JAVASCRIPT_WARNING
        end
      end

verify_same_origin_request

Related methods