module ActionView::Helpers::CsrfHelper
Action View CSRF Helpers
Public instance methods
Also aliased as:
csrf_meta_tag
.
Returns meta tags “csrf-param” and “csrf-token” with the name of the cross-site request forgery protection parameter and token, respectively.
<head>
<%= csrf_meta_tags %>
</head>
These are used to generate the dynamic forms that implement non-remote links with :method
.
You don’t need to use these tags for regular forms as they generate their own hidden fields.
For Ajax requests other than GETs, extract the “csrf-token” from the meta-tag and send as the X-CSRF-Token
HTTP header.
Source code GitHub
# File actionview/lib/action_view/helpers/csrf_helper.rb, line 22
def csrf_meta_tags
if defined?(protect_against_forgery?) && protect_against_forgery?
[
tag("meta", name: "csrf-param", content: request_forgery_protection_token),
tag("meta", name: "csrf-token", content: form_authenticity_token)
].join("\n").html_safe
end
end