Module | ActionController::RequestForgeryProtection::ClassMethods |
In: |
lib/action_controller/metal/request_forgery_protection.rb
|
Turn on request forgery protection. Bear in mind that only non-GET, HTML/JavaScript requests are checked.
Example:
class FooController < ApplicationController protect_from_forgery :except => :index # you can disable csrf protection on controller-by-controller basis: skip_before_filter :verify_authenticity_token end
Valid Options: