Rails: How Does csrf_meta_tag Work?

后端未结

关注

 5  1687

灰色年华 2020-12-07 18:43

I\'m a PHP developer learning Ruby on Rails by reading Michael Hartl\'s tutorial. Here is a quote from the book, referring to csrf_meta_tag:

5条回答

死守一世寂寞 (楼主)

2020-12-07 19:05

Output of the helper csrf_meta_tags:

This token can be included in ajax request. Exapmle (jquery-ujs):

https://github.com/rails/jquery-ujs/blob/4b6e30f68ff1244fc0c790641d3408c2695a29bd/src/rails.js#L70

    csrfToken: function() {
     return $('meta[name=csrf-token]').attr('content');
    },

    // URL param that must contain the CSRF token
    csrfParam: function() {
     return $('meta[name=csrf-param]').attr('content');
    },

    // Make sure that every Ajax request sends the CSRF token
    CSRFProtection: function(xhr) {
      var token = rails.csrfToken();
      if (token) xhr.setRequestHeader('X-CSRF-Token', token);
    },

0 讨论(0)

查看其它5个回答