csrf_meta_tags() public

Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.

<head>
  <%= csrf_meta_tags %>
</head>

These are used to generate the dynamic forms that implement non-remote links with :method.

You don’t need to use these tags for regular forms as they generate their own hidden fields.

For Ajax requests other than GETs, extract the “csrf-token” from the meta-tag and send as the X-CSRF-Token HTTP header. If you are using rails-ujs, this happens automatically.

Show source
Register or log in to add new notes.
July 25, 2013
0 thanks