Class Rack::Protection::JsonCsrf
In: lib/rack/protection/json_csrf.rb
Parent: Base
Prevented attack: CSRF
Supported browsers: all
More info: flask.pocoo.org/docs/0.10/security/#json-security, haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx

JSON GET APIs are vulnerable to being embedded as JavaScript when the Array prototype has been patched to track data. This middleware checks the referrer even on GET requests if the content type is JSON.

If the request includes an Origin HTTP header, it defers to HttpOrigin to determine whether the request is safe. Please refer to the documentation for more info.

The `:allow_if` option can be set to a proc to use custom allow/deny logic.
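
The check described above, as an added stand-alone Ruby sketch (not rack-protection's own code), run against constructed requests. The class `JsonReferrerGuard`, the helper `guard_status` and the host names are hypothetical; requests carrying an Origin header are assumed to be judged by a separate origin check.

```ruby
require 'uri'

# Stand-alone sketch of the referrer check; class and helper names are hypothetical.
class JsonReferrerGuard
  def initialize(app, allow_if: nil)
    @app = app
    @allow_if = allow_if # proc receiving the Rack env; a truthy result skips the check
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless vector?(env, headers)
    body.close if body.respond_to?(:close)
    [403, { 'content-type' => 'text/plain' }, ['Forbidden']]
  end

  private

  def vector?(env, headers)
    return false if @allow_if&.call(env)
    return false unless json?(headers)
    # A request carrying Origin is left to a separate origin check (HttpOrigin's role).
    return false if env['HTTP_ORIGIN']
    # A missing or unparsable Referer counts as a mismatch in this sketch.
    referrer_host(env) != env['HTTP_HOST'].to_s.split(':').first
  end

  def json?(headers)
    type = headers.find { |k, _| k.casecmp?('content-type') }&.last
    type.to_s.split(';', 2).first.to_s.strip.casecmp?('application/json')
  end

  def referrer_host(env)
    URI.parse(env['HTTP_REFERER'].to_s).host
  rescue URI::InvalidURIError
    nil
  end
end

# Constructed JSON endpoint and requests (hosts are placeholders).
JSON_APP = ->(_env) { [200, { 'content-type' => 'application/json; charset=utf-8' }, ['[{"id":1}]']] }

def guard_status(env, allow_if: nil)
  JsonReferrerGuard.new(JSON_APP, allow_if: allow_if).call(env).first
end

BASE = { 'REQUEST_METHOD' => 'GET', 'HTTP_HOST' => 'api.example.test' }.freeze
puts guard_status(BASE.merge('HTTP_REFERER' => 'https://api.example.test/app')) # same-site page
puts guard_status(BASE.merge('HTTP_REFERER' => 'https://other.example.test/'))  # cross-site embed
```

The response is inspected after the application has run, because the decision depends on the response's content type rather than on the request alone.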

Methods

External Aliases

deny -> react

Public Instance methods
