instance method `masked_authenticity_token`

Ruby on Rails 5.2.8.1

Since v5.2.8.1 Private

Available in: v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Compare with:

masked_authenticity_token(session, form_options: {})

Creates a masked version of the authenticity token that varies on each request. The masking is used to mitigate SSL attacks like BREACH.

Parameters

session req
form_options key = {}

Source

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 318
      def masked_authenticity_token(session, form_options: {}) # :doc:
        action, method = form_options.values_at(:action, :method)

        raw_token = if per_form_csrf_tokens && action && method
          action_path = normalize_action_path(action)
          per_form_csrf_token(session, action_path, method)
        else
          global_csrf_token(session)
        end

        mask_token(raw_token)
      end

Defined in actionpack/lib/action_controller/metal/request_forgery_protection.rb line 318 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActionController::RequestForgeryProtection

Signature

Parameters