class ActionController::RequestForgeryProtection::ProtectionMethods::NullSession

Parent:
Object

Public Class Methods

new(controller) Show source
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 120
def initialize(controller)
  @controller = controller
end

Public Instance Methods

handle_unverified_request() Show source
# File actionpack/lib/action_controller/metal/request_forgery_protection.rb, line 125
def handle_unverified_request
  request = @controller.request
  request.session = NullSessionHash.new(request.env)
  request.env['action_dispatch.request.flash_hash'] = nil
  request.env['rack.session.options'] = { skip: true }
  request.env['action_dispatch.cookies'] = NullCookieJar.build(request)
end

This is the method that defines the application behavior when a request is found to be unverified.

© 2004–2018 David Heinemeier Hansson
Licensed under the MIT License.