Module: Jets::Controller::ForgeryProtection
- Extended by:
- ActiveSupport::Concern
- Included in:
- Base
- Defined in:
- lib/jets/controller/forgery_protection.rb
Instance Method Summary collapse
-
#verify_authenticity_token ⇒ Object
Instance methods.
Instance Method Details
#verify_authenticity_token ⇒ Object
Instance methods
32 33 34 35 36 37 38 39 40 41 |
# File 'lib/jets/controller/forgery_protection.rb', line 32 def verify_authenticity_token return true if Jets.env.test? || request.get? || request.head? token = session[:authenticity_token] verified = !token.nil? && (token == params[:authenticity_token] || token == request.headers["x-csrf-token"]) unless verified raise Error::InvalidAuthenticityToken end end |