<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Module: ActionController::RequestForgeryProtection</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href="../.././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[
function popupCode( url ) {
window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}
function toggleCode( id ) {
if ( document.getElementById )
elem = document.getElementById( id );
else if ( document.all )
elem = eval( "document.all." + id );
else
return false;
elemStyle = elem.style;
if ( elemStyle.display != "block" ) {
elemStyle.display = "block"
} else {
elemStyle.display = "none"
}
return true;
}
// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
// ]]>
</script>
</head>
<body>
<div id="classHeader">
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Module</strong></td>
<td class="class-name-in-header">ActionController::RequestForgeryProtection</td>
</tr>
<tr class="top-aligned-row">
<td><strong>In:</strong></td>
<td>
<a href="../../files/lib/action_controller/request_forgery_protection_rb.html">
lib/action_controller/request_forgery_protection.rb
</a>
<br />
</td>
</tr>
</table>
</div>
<!-- banner header -->
<div id="bodyContent">
<div id="contextContent">
</div>
<div id="method-list">
<h3 class="section-bar">Methods</h3>
<div class="name-list">
<a href="#M000147">form_authenticity_token</a>
<a href="#M000143">included</a>
<a href="#M000148">protect_against_forgery?</a>
<a href="#M000146">verifiable_request_format?</a>
<a href="#M000145">verified_request?</a>
<a href="#M000144">verify_authenticity_token</a>
</div>
</div>
</div>
<!-- if includes -->
<div id="section">
<div id="class-list">
<h3 class="section-bar">Classes and Modules</h3>
Module <a href="RequestForgeryProtection/ClassMethods.html" class="link">ActionController::RequestForgeryProtection::ClassMethods</a><br />
</div>
<!-- if method_list -->
<div id="methods">
<h3 class="section-bar">Public Class methods</h3>
<div id="method-M000143" class="method-detail">
<a name="M000143"></a>
<div class="method-heading">
<a href="RequestForgeryProtection.src/M000143.html" target="Code" class="method-signature"
onclick="popupCode('RequestForgeryProtection.src/M000143.html');return false;">
<span class="method-name">included</span><span class="method-args">(base)</span>
</a>
</div>
<div class="method-description">
</div>
</div>
<h3 class="section-bar">Protected Instance methods</h3>
<div id="method-M000147" class="method-detail">
<a name="M000147"></a>
<div class="method-heading">
<a href="RequestForgeryProtection.src/M000147.html" target="Code" class="method-signature"
onclick="popupCode('RequestForgeryProtection.src/M000147.html');return false;">
<span class="method-name">form_authenticity_token</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p>
Sets the token value for the current session. Pass a <tt>:secret</tt>
option in <tt>protect_from_forgery</tt> to add a custom salt to the hash.
</p>
</div>
</div>
<div id="method-M000148" class="method-detail">
<a name="M000148"></a>
<div class="method-heading">
<a href="RequestForgeryProtection.src/M000148.html" target="Code" class="method-signature"
onclick="popupCode('RequestForgeryProtection.src/M000148.html');return false;">
<span class="method-name">protect_against_forgery?</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
</div>
</div>
<div id="method-M000146" class="method-detail">
<a name="M000146"></a>
<div class="method-heading">
<a href="RequestForgeryProtection.src/M000146.html" target="Code" class="method-signature"
onclick="popupCode('RequestForgeryProtection.src/M000146.html');return false;">
<span class="method-name">verifiable_request_format?</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
</div>
</div>
<div id="method-M000145" class="method-detail">
<a name="M000145"></a>
<div class="method-heading">
<a href="RequestForgeryProtection.src/M000145.html" target="Code" class="method-signature"
onclick="popupCode('RequestForgeryProtection.src/M000145.html');return false;">
<span class="method-name">verified_request?</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p>
Returns true or false if a request is verified. Checks:
</p>
<ul>
<li>is the format restricted? By default, only HTML requests are checked.
</li>
<li>is it a GET request? Gets should be safe and idempotent
</li>
<li>Does the <a
href="RequestForgeryProtection.html#M000147">form_authenticity_token</a>
match the given token value from the params?
</li>
</ul>
</div>
</div>
<div id="method-M000144" class="method-detail">
<a name="M000144"></a>
<div class="method-heading">
<a href="RequestForgeryProtection.src/M000144.html" target="Code" class="method-signature"
onclick="popupCode('RequestForgeryProtection.src/M000144.html');return false;">
<span class="method-name">verify_authenticity_token</span><span class="method-args">()</span>
</a>
</div>
<div class="method-description">
<p>
The actual before_filter that is used. Modify this to change how you handle
unverified requests.
</p>
</div>
</div>
</div>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>
</body>
</html>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
8b99df826c3b6cf56a1caaae5f931d50
>
files
>
505
