Module: Jets::Controller::ForgeryProtection

Extended by:
ActiveSupport::Concern
Included in:
Base
Defined in:
lib/jets/controller/forgery_protection.rb

Instance Method Summary

Instance Method Details

#verify_authenticity_token ⇒ Object

Instance methods



# File 'lib/jets/controller/forgery_protection.rb', line 32

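# Checks the CSRF token of a state-changing request against the session.
#
# The token stored under session[:authenticity_token] must equal either
# params[:authenticity_token] or the "x-csrf-token" request header.
#
# Verification is skipped for GET and HEAD requests and whenever
# Jets.env.test? is true, so a test-environment run never exercises the
# token check below.
#
# @return [true, nil] true when verification is skipped, nil when the
#   submitted token matches the session token
# @raise [Error::InvalidAuthenticityToken] when the session holds no usable
#   token or no submitted value matches it
def verify_authenticity_token
  return true if Jets.env.test? || request.get? || request.head?

  expected = session[:authenticity_token]
  submitted = [params[:authenticity_token], request.headers["x-csrf-token"]]

  # Compare byte by byte without an early exit. String#== may return as soon
  # as it finds a differing byte, which lets response timing hint at how much
  # of a guessed token is correct. A length mismatch is rejected up front;
  # the token length is not treated as secret.
  matches_expected = lambda do |candidate|
    next false unless candidate.is_a?(String) && candidate.bytesize == expected.bytesize

    diff = 0
    expected.bytes.zip(candidate.bytes) { |left, right| diff |= left ^ right }
    diff.zero?
  end

  # A missing, non-String or empty session token can never verify; without
  # the emptiness check an empty submitted value would match an empty token.
  # Both submitted values are always evaluated (map, then any?) so the work
  # done does not depend on which of them carried the token.
  verified = expected.is_a?(String) && !expected.empty? && submitted.map(&matches_expected).any?

  raise Error::InvalidAuthenticityToken unless verified
end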