class `ActionController::RequestForgeryProtection::CookieStore`

Public class methods

`new(cookie = :csrf_token)`

Source code GitHub

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 332
def initialize(cookie = :csrf_token)
  @cookie_name = cookie
end

Public instance methods

`fetch(request)`

Source code GitHub

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 336
def fetch(request)
  contents = request.cookie_jar.encrypted[@cookie_name]
  return nil if contents.nil?

  value = JSON.parse(contents)
  return nil unless value.dig("session_id", "public_id") == request.session.id_was&.public_id

  value["token"]
rescue JSON::ParserError
  nil
end

`reset(request)`

Source code GitHub

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 359
def reset(request)
  request.cookie_jar.delete(@cookie_name)
end

`store(request, csrf_token)`

Source code GitHub

# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 348
def store(request, csrf_token)
  request.cookie_jar.encrypted.permanent[@cookie_name] = {
    value: {
      token: csrf_token,
      session_id: request.session.id,
    }.to_json,
    httponly: true,
    same_site: :lax,
  }
end

Definition files

actionpack/lib/action_controller/metal/request_forgery_protection.rb

class ActionController::RequestForgeryProtection::CookieStore

Public class methods

new(cookie = :csrf_token)

Public instance methods

fetch(request)

reset(request)

store(request, csrf_token)

Definition files

class `ActionController::RequestForgeryProtection::CookieStore`

`new(cookie = :csrf_token)`

`fetch(request)`

`reset(request)`

`store(request, csrf_token)`