RSpec
Ruby on Rails
Ruby
method
verify_authenticity_token
v6.1.7.7 -
Show latest stable
-
0 notes -
Class: ActionController::RequestForgeryProtection
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3 (0)
- 2.1.0 (0)
- 2.2.1 (0)
- 2.3.8 (0)
- 3.0.0 (0)
- 3.0.9 (0)
- 3.1.0 (0)
- 3.2.1 (0)
- 3.2.8 (0)
- 3.2.13 (0)
- 4.0.2 (0)
- 4.1.8 (38)
- 4.2.1 (0)
- 4.2.7 (0)
- 4.2.9 (0)
- 5.0.0.1 (0)
- 5.1.7 (0)
- 5.2.3 (1)
- 6.0.0 (0)
- 6.1.3.1 (0)
- 6.1.7.7 (0)
- 7.0.0 (0)
- 7.1.3.2 (0)
- 7.1.3.4 (0)
- 7.2.3 (-1)
- 8.0.0 (0)
- 8.1.1 (0)
- What's this?
-
included
(<= v2.3.8)
-
new
(>= v7.1.3.2)
-
any_authenticity_token_valid?
-
authenticity_token_from_coo...
(<= v2.2.1)
-
authenticity_token_from_ses...
(<= v2.2.1)
-
commit_csrf_token
(>= v7.1.3.2)
-
compare_with_global_token
-
compare_with_real_token
-
csrf_token_hmac
-
decode_csrf_token
-
encode_csrf_token
-
form_authenticity_param
-
form_authenticity_token
-
generate_csrf_token
-
global_csrf_token
-
handle_unverified_request
-
marked_for_same_origin_veri...
-
mark_for_same_origin_verifi...
-
masked_authenticity_token
-
mask_token
-
non_xhr_javascript_response?
-
normalize_action_path
-
normalize_relative_action_path
(>= v7.2.3)
-
per_form_csrf_token
-
protect_against_forgery?
-
protect_from_forgery
(<= v3.0.0)
-
real_csrf_token
-
request_authenticity_tokens
-
reset_csrf_token
(>= v7.1.3.2)
-
unmask_token
-
unverified_request_warning_...
(>= v7.0.0)
-
valid_authenticity_token?
-
valid_per_form_csrf_token?
-
valid_request_origin?
-
verifiable_request_format?
(<= v2.3.8)
-
verified_request?
-
verify_authenticity_token
-
verify_same_origin_request
-
xor_byte_strings
= private
= protected
verify_authenticity_token()
private
The actual before_action that is used to verify the CSRF token. Don’t override this directly. Provide your own forgery protection strategy instead. If you override, you’ll disable same-origin <script> verification.
Lean on the protect_from_forgery declaration to mark which actions are due for same-origin request verification. If protect_from_forgery is enabled on an action, this before_action flags its after_action to verify that JavaScript responses are for XHR requests, ensuring they follow the browser’s same-origin policy.
