instance method `verified_request?`

Ruby on Rails 4.1.16

Since v2.2.3

Available in: v2.2.3 v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Compare with:

verified_request?()

Returns true or false if a request is verified. Checks:

is it a GET or HEAD request? Gets should be safe and idempotent
Does the form_authenticity_token match the given token value from the params?
Does the X-CSRF-Token header match the form_authenticity_token

Source

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 242
      def verified_request?
        !protect_against_forgery? || request.get? || request.head? ||
          form_authenticity_token == params[request_forgery_protection_token] ||
          form_authenticity_token == request.headers['X-CSRF-Token']
      end

Defined in actionpack/lib/action_controller/metal/request_forgery_protection.rb line 242 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActionController::RequestForgeryProtection

Signature