I'm a PHP developer learning Ruby on Rails by reading Michael Hartl's tutorial. Here is a quote from the book, referring to csrf_meta_tag:
In Rails it works this way:
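    def csrf_meta_tags
      # Emit the tags only when CSRF protection is enabled
      if protect_against_forgery?
        [
          # Name of the request parameter that carries the token
          tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token),
          # The token value itself
          tag('meta', :name => 'csrf-token', :content => form_authenticity_token)
        ].join("\n").html_safe
      end
    end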
To see more details, just click
You also need to check the Ruby on Rails Security Guide.
Here is a nice blog.
BUT - I prefer the National Vulnerability Database; here is a good explanation:
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Check this document for CWE - Common Weakness Enumeration
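
The following is an added example, not part of the answer above and not Rails's own code: a simplified plain-Ruby model of what the two meta tags are for, showing the token being issued per session, rendered into the page, and then checked on a state-changing request. The session hash, `meta_tag`, `secure_compare` and `verified_request?` are assumptions written for this illustration; Rails's real implementation does more than this sketch.

```ruby
require 'securerandom'
require 'erb'

# Parameter name advertised in the csrf-param meta tag (Rails's default name).
CSRF_PARAM = 'authenticity_token'

# Create the per-session token once and reuse it on later calls.
# `session` is a plain Hash standing in for the server-side session.
def form_authenticity_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Build one <meta> tag, escaping the content for use in an HTML attribute.
def meta_tag(name, content)
  %(<meta name="#{name}" content="#{ERB::Util.html_escape(content)}" />)
end

# Render the two tags that the helper places in <head>.
def csrf_meta_tags(session)
  [
    meta_tag('csrf-param', CSRF_PARAM),
    meta_tag('csrf-token', form_authenticity_token(session))
  ].join("\n")
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check for a state-changing request. The token may arrive as a
# form parameter or in the X-CSRF-Token header that page JavaScript sets after
# reading the csrf-token meta tag. A page on another origin cannot read that
# tag, so a forged cross-site request arrives without a matching token.
def verified_request?(session, params, headers)
  expected = session[:_csrf_token]
  supplied = params[CSRF_PARAM] || headers['X-CSRF-Token']
  return false if expected.nil? || supplied.nil?
  secure_compare(expected, supplied)
end
```
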