protected Method

RequestForgeryProtection.verified_request?

Source
Home > Ruby > Rails > Rails 2.0.2 > ActionPack EDGE > ActionController > RequestForgeryProtection > verified_request?

Returns true or false if a request is verified. Checks:

  • is the format restricted? By default, only HTML and AJAX requests are checked.
  • is it a GET request? Gets should be safe and idempotent
  • Does the form_authenticity_token match the given _token value from the params?

Source Code

# File action_controller/request_forgery_protection.rb, line 94
def verified_request?
  !protect_against_forgery?     ||
    request.method == :get      ||
    !verifiable_request_format? ||
    form_authenticity_token == params[request_forgery_protection_token]
end
Comments

Have your say
Please use Textile formatting (click here for a cheat sheet). Use <code/> and <pre/> for code samples.
Click here to login with OpenID to to post comments.