Class Rack::Protection::HttpOrigin
In: lib/rack/protection/http_origin.rb
Parent: Base
Prevented attack:CSRF
Supported browsers:Google Chrome 2, Safari 4 and later
More infos:en.wikipedia.org/wiki/Cross-site_request_forgery tools.ietf.org/html/draft-abarth-origin

Does not accept unsafe HTTP requests when value of Origin HTTP request header does not match default or whitelisted URIs.

Methods

accepts?   base_url  

Constants

DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 }

Public Instance methods

[Validate]