- Extended by:
- Defined in:
CSRF protection is turned on with the
protect_from_forgery method, which checks the token and resets the session if it doesn't match what was expected. A call to this method is generated for new Rails applications by default. You can customize the error message by editing public/422.html.
The token parameter is named
authenticity_token by default. The name and value of this token must be added to every layout that renders forms by including
csrf_meta_tags in the html
Learn more about CSRF attacks and securing your application in the Ruby on Rails Security Guide.
Defined Under Namespace
Methods included from