API Guides

instance method valid_request_origin?

Ruby on Rails 6.0.6

Since v5.2.8.1 Private

Available in: v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2 

valid_request_origin?()

Checks if the request originated from the same origin by looking at the Origin header.

Source 
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 455
      def valid_request_origin? # :doc:
        if forgery_protection_origin_check
          # We accept blank origin headers because some user agents don't send it.
          raise InvalidAuthenticityToken, NULL_ORIGIN_MESSAGE if request.origin == "null"
          request.origin.nil? || request.origin == request.base_url
        else
          true
        end
      end

Defined in actionpack/lib/action_controller/metal/request_forgery_protection.rb line 455 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActionController::RequestForgeryProtection

Type at least 2 characters to search.

↑↓ navigate · open · esc close