Methods
Class Public methods
new(cookie = :csrf_token)
📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 332
def initialize(cookie = :csrf_token)
@cookie_name = cookie
end
🔎 See on GitHub
Instance Public methods
fetch(request)
📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 336
def fetch(request)
contents = request.cookie_jar.encrypted[@cookie_name]
return nil if contents.nil?
value = JSON.parse(contents)
return nil unless value.dig("session_id", "public_id") == request.session.id_was&.public_id
value["token"]
rescue JSON::ParserError
nil
end
🔎 See on GitHub
reset(request)
📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 359
def reset(request)
request.cookie_jar.delete(@cookie_name)
end
🔎 See on GitHub
store(request, csrf_token)
📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 348
def store(request, csrf_token)
request.cookie_jar.encrypted.permanent[@cookie_name] = {
value: {
token: csrf_token,
session_id: request.session.id,
}.to_json,
httponly: true,
same_site: :lax,
}
end
🔎 See on GitHub