Methods

Class Public methods

new(cookie = :csrf_token)

📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 332
      def initialize(cookie = :csrf_token)
        @cookie_name = cookie
      end
🔎 See on GitHub

Instance Public methods

fetch(request)

📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 336
      def fetch(request)
        contents = request.cookie_jar.encrypted[@cookie_name]
        return nil if contents.nil?

        value = JSON.parse(contents)
        return nil unless value.dig("session_id", "public_id") == request.session.id_was&.public_id

        value["token"]
      rescue JSON::ParserError
        nil
      end
🔎 See on GitHub

reset(request)

📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 359
      def reset(request)
        request.cookie_jar.delete(@cookie_name)
      end
🔎 See on GitHub

store(request, csrf_token)

📝 Source code
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 348
      def store(request, csrf_token)
        request.cookie_jar.encrypted.permanent[@cookie_name] = {
          value: {
            token: csrf_token,
            session_id: request.session.id,
          }.to_json,
          httponly: true,
          same_site: :lax,
        }
      end
🔎 See on GitHub