module ActionView::Helpers::CsrfHelper
Public Instance Methods
# File actionview/lib/action_view/helpers/csrf_helper.rb, line 20 def csrf_meta_tags if protect_against_forgery? [ tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token), tag('meta', :name => 'csrf-token', :content => form_authenticity_token) ].join("\n").html_safe end end
Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.
<head> <%= csrf_meta_tags %> </head>
These are used to generate the dynamic forms that implement non-remote links with :method
.
You don't need to use these tags for regular forms as they generate their own hidden fields.
For AJAX requests other than GETs, extract the “csrf-token” from the meta-tag and send as the “X-CSRF-Token” HTTP header. If you are using jQuery with jquery-rails this happens automatically.
Also aliased as: csrf_meta_tag
© 2004–2018 David Heinemeier Hansson
Licensed under the MIT License.