Module: Mack::Utils::ForgeryDetector

Included in:
Controller
Defined in:
lib/mack/utils/forgery_detector.rb

Overview

:nodoc:

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

Instance Method Details

#detect_forgery ⇒ Object

This method will be added as a “before-filter” for all controllers.

It filters the incoming request and raises an exception if it thinks that the incoming request is forged.

The requirements for a request to be considered forged:

  • It must not be a GET request

  • The forgery detection is not disabled globally

  • The current action is not part of the “disabled” list

  • The authenticity token in the request param is valid

  • All of the above must be true



# File 'lib/mack/utils/forgery_detector.rb', line 99

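def detect_forgery
  # Let a valid request through; otherwise raise, reporting the submitted
  # token (or "unknown token" when the request carried none).
  valid_request? || raise(Mack::Errors::InvalidAuthenticityToken.new(request.params[:__authenticity_token] || "unknown token"))
end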
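
The decision described in the list above, as an added stand-alone sketch (not Mack's code; `ForgeryCheck`, `Request` and the HMAC-per-session token scheme are hypothetical names and assumptions). It assumes exempt requests pass unchecked and that a checked request is rejected unless its `__authenticity_token` matches the one issued for its session.

```ruby
require 'openssl'

# Hypothetical stand-ins for illustration; none of these names are Mack's API.
class InvalidAuthenticityToken < StandardError; end
Request = Struct.new(:http_method, :action, :session_id, :params)

class ForgeryCheck
  def initialize(secret:, enabled: true, disabled_actions: [])
    @secret = secret
    @enabled = enabled
    @disabled_actions = disabled_actions
  end

  # Assumed token scheme: HMAC-SHA256 over the session id, so a token
  # issued for one session is useless in another.
  def token_for(session_id)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, session_id)
  end

  # True when the request is exempt from checking or carries the right token.
  def valid_request?(req)
    return true if req.http_method == :get
    return true unless @enabled
    return true if @disabled_actions.include?(req.action)

    supplied = req.params[:__authenticity_token].to_s
    # Constant-time comparison avoids leaking how many characters matched.
    OpenSSL.secure_compare(supplied, token_for(req.session_id))
  end

  # Same shape as the method documented above: pass, or raise with the token.
  def detect_forgery(req)
    valid_request?(req) ||
      raise(InvalidAuthenticityToken, req.params[:__authenticity_token] || 'unknown token')
  end
end

# Constructed sample data.
CHECK   = ForgeryCheck.new(secret: 'constructed-demo-secret', disabled_actions: [:webhook])
GOOD    = Request.new(:post, :update, 'sess-1', { __authenticity_token: CHECK.token_for('sess-1') })
STOLEN  = Request.new(:post, :update, 'sess-2', GOOD.params) # token from another session
MISSING = Request.new(:delete, :destroy, 'sess-1', {})
EXEMPT  = Request.new(:post, :webhook, 'sess-1', {})
```

Exempting GET is only safe when GET handlers change no state, and every action placed on the disabled list needs its own authentication, since the filter lets it through unchecked.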