protected Method

RequestForgeryProtection.form_authenticity_token

Sets the token value for the current session. Pass a :secret option in #protect_from_forgery to add a custom salt to the hash.

Source Code

# File action_controller/request_forgery_protection.rb, line 106
def form_authenticity_token
  @form_authenticity_token ||= if request_forgery_protection_options[:secret]
    authenticity_token_from_session_id
  elsif session.respond_to?(:dbman) && session.dbman.respond_to?(:generate_digest)
    authenticity_token_from_cookie_session
  elsif session.nil?
    raise InvalidAuthenticityToken, "Request Forgery Protection requires a valid session.  Use #allow_forgery_protection to disable it, or use a valid session."
  else
    raise InvalidAuthenticityToken, "No :secret given to the #protect_from_forgery call.  Set that or use a session store capable of generating its own keys (Cookie Session Store)."
  end
end
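The idea behind the :secret branch above, as an added example that is not Rails source code: a per-session token is derived by keying a hash with the application secret over the session id, so a token issued for one session does not verify in another. The helper names, the HMAC-SHA256 construction, the constant-time comparison and the sample values are assumptions made for illustration; the body of authenticity_token_from_session_id is not shown on this page.

```ruby
require 'openssl'

# Hypothetical helper (not a Rails API): derive a token bound to one session
# by keying an HMAC with the application secret over the session id.
# HMAC-SHA256 is an assumption; the page does not state the digest Rails uses.
def derive_token(secret, session_id, digest = 'SHA256')
  # Mirror the two failure branches of form_authenticity_token:
  # no usable session, or no secret to key the hash with.
  raise ArgumentError, 'a valid session is required' if session_id.to_s.empty?
  raise ArgumentError, 'no :secret given' if secret.to_s.empty?
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(digest), secret.to_s, session_id.to_s)
end

# Constant-time comparison, so the time taken does not reveal how many
# leading characters of a submitted token were correct.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server-side check of a token submitted with a form.
def token_valid?(secret, session_id, submitted)
  return false unless submitted.is_a?(String)
  secure_compare(derive_token(secret, session_id), submitted)
end

# Constructed sample values, not taken from any real application.
SECRET    = 'constructed-app-secret'
SESSION_A = 'constructed-session-id-aaaa'
SESSION_B = 'constructed-session-id-bbbb'

token = derive_token(SECRET, SESSION_A)
puts "token for session A:    #{token}"
puts "valid in session A:     #{token_valid?(SECRET, SESSION_A, token)}"
puts "valid in session B:     #{token_valid?(SECRET, SESSION_B, token)}"
puts "valid with other secret: #{token_valid?('another-secret', SESSION_A, token)}"
```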