Module: ActionView::Helpers::CsrfHelper

Included in:

ActionView::Helpers

Defined in:

lib/action_view/helpers/csrf_helper.rb

Overview

:nodoc:

Instance Method Summary

• #csrf_meta_tags ⇒ Object (also: #csrf_meta_tag)

  Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.

Instance Method Details

#csrf_meta_tags ⇒ Object Also known as: csrf_meta_tag

Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.

<head>
  <%= csrf_meta_tags %>
</head>

These are used to generate the dynamic forms that implement non-remote links with :method.

You don’t need to use these tags for regular forms as they generate their own hidden fields.

For AJAX requests other than GETs, extract the “csrf-token” from the meta-tag and send as the “X-CSRF-Token” HTTP header. If you are using rails-ujs this happens automatically.

# File 'lib/action_view/helpers/csrf_helper.rb', line 22

def csrf_meta_tags
  if defined?(protect_against_forgery?) && protect_against_forgery?
    [
      tag("meta", name: "csrf-param", content: request_forgery_protection_token),
      tag("meta", name: "csrf-token", content: form_authenticity_token)
    ].join("\n").html_safe
  end
end