Class Index [+]

Quicksearch

ActionController::RequestForgeryProtection::ClassMethods

Public Instance Methods

protect_from_forgery(options = {}) click to toggle source

Turn on request forgery protection. Bear in mind that only non-GET, HTML/JavaScript requests are checked.

Example:

  class FooController < ApplicationController
    protect_from_forgery :except => :index

    # you can disable csrf protection on controller-by-controller basis:
    skip_before_filter :verify_authenticity_token
  end

Valid Options:

  • :only/:except - Passed to the before_filter call. Set which actions are verified.

    # File lib/action_controller/metal/request_forgery_protection.rb, line 81
81:       def protect_from_forgery(options = {})
82:         self.request_forgery_protection_token ||= :authenticity_token
83:         before_filter :verify_authenticity_token, options
84:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.