Sha256: 6e71056277528e73fdb16dd4aad3c8a9768ccb51b4c47ed3880d81089a4f45ed
Contents?: true
Size: 758 Bytes
Versions: 16
Compression:
Stored size: 758 Bytes
Contents
# frozen_string_literal: true

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Only accepts submitted forms if a given access token matches the token
    # included in the session. Does not expect such a token from Ajax request.
    #
    # This middleware is not used when using the Rack::Protection collection,
    # since it might be a security issue, depending on your application
    #
    # Compatible with rack-csrf.
    class FormToken < AuthenticityToken
      def accepts?(env)
        env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' or super
      end
    end
  end
end
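An added example, not rack-protection's own code: it models the decision the comment above describes by running a strict token check and the `X-Requested-With` exemption over constructed request environments, so the one case where they differ is visible. `ModelTokenCheck`, `ModelFormToken`, `env_for`, `decision_table` and the `model.form_token` key are hypothetical names, and the parent check is a simplified stand-in for `AuthenticityToken`.

```ruby
# Simplified stand-in for the parent check (assumption: not the real
# Rack::Protection::AuthenticityToken, which also handles masked tokens).
class ModelTokenCheck
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

  def accepts?(env)
    return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
    expected = env.fetch('rack.session', {})[:csrf].to_s
    given = env['model.form_token'].to_s # hypothetical key for the parsed form field
    !expected.empty? && secure_equal?(expected, given)
  end

  private

  # Constant-time comparison so the check does not leak the match position.
  def secure_equal?(left, right)
    return false unless left.bytesize == right.bytesize
    left.bytes.zip(right.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Same rule as FormToken#accepts? on this page: the header alone is accepted.
class ModelFormToken < ModelTokenCheck
  def accepts?(env)
    env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' || super
  end
end

TOKEN = 'constructed-session-token' # constructed sample value

def env_for(method, token: nil, xhr: false)
  env = { 'REQUEST_METHOD' => method, 'rack.session' => { csrf: TOKEN } }
  env['model.form_token'] = token if token
  env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' if xhr
  env
end

def decision_table
  cases = { 'form POST, matching token' => env_for('POST', token: TOKEN),
            'form POST, wrong token' => env_for('POST', token: 'x' * TOKEN.size),
            'form POST, no token' => env_for('POST'),
            'XHR POST, no token' => env_for('POST', xhr: true),
            'GET, no token' => env_for('GET') }
  cases.transform_values do |env|
    { strict: ModelTokenCheck.new.accepts?(env), form_token: ModelFormToken.new.accepts?(env) }
  end
end

decision_table.each { |name, r| puts format('%-26s strict=%-5s form_token=%s', name, r[:strict], r[:form_token]) }
```

The only row where the two checks disagree is the token-less XHR POST, which is the case to review before enabling this middleware in an application.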
Version data entries
16 entries across 16 versions & 2 rubygems