Class/Module Index [+]

Quicksearch

ActionView::Helpers::CsrfHelper

Public Instance Methods

csrf_meta_tag() click to toggle source

For backwards compatibility.

Alias for: csrf_meta_tags
csrf_meta_tags() click to toggle source

Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.

<head>
  <%= csrf_meta_tags %>
</head>

These are used to generate the dynamic forms that implement non-remote links with :method.

Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, so they do not use these tags.

# File lib/action_view/helpers/csrf_helper.rb, line 19
def csrf_meta_tags
  if protect_against_forgery?
    [
      tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
      tag('meta', :name => 'csrf-token', :content => form_authenticity_token)
    ].join("\n").html_safe
  end
end
Also aliased as: csrf_meta_tag

[Validate]

Generated with the Darkfish Rdoc Generator 2.