Module: ActionView::Helpers::CsrfHelper
- Included in:
- ActionView::Helpers
- Defined in:
- lib/action_view/helpers/csrf_helper.rb
Overview
:nodoc:
Instance Method Summary collapse
-
#csrf_meta_tags ⇒ Object
(also: #csrf_meta_tag)
Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.
Instance Method Details
#csrf_meta_tags ⇒ Object Also known as: csrf_meta_tag
Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.
<head>
<%= csrf_meta_tags %>
</head>
These are used to generate the dynamic forms that implement non-remote links with :method
.
You don't need to use these tags for regular forms as they generate their own hidden fields.
For AJAX requests other than GETs, extract the “csrf-token” from the meta-tag and send as the “X-CSRF-Token” HTTP header. If you are using rails-ujs this happens automatically.
22 23 24 25 26 27 28 29 |
# File 'lib/action_view/helpers/csrf_helper.rb', line 22 def if protect_against_forgery? [ tag("meta", name: "csrf-param", content: request_forgery_protection_token), tag("meta", name: "csrf-token", content: form_authenticity_token) ].join("\n").html_safe end end |