kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge pull request #36771 from ajn123/add-documentation-for-csrf-javascript

Browse source 
[ci skip] add CSRF token explanation for javascript documentation
This commit is contained in:
Rafael França 2019-07-26 12:56:38 -04:00 committed by GitHub
commit 7067ee91fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
guides/source/working_with_javascript_in_rails.md
View file

@ -14,6 +14,7 @@ After reading this guide, you will know:
* How Rails' built-in helpers assist you.
* How to handle Ajax on the server side.
* The Turbolinks gem.
* How to include your Cross-Site Request Forgery token in request headers
-------------------------------------------------------------------------------
@ -524,6 +525,23 @@ For more details, including other events you can bind to, check out [the
Turbolinks
README](https://github.com/turbolinks/turbolinks/blob/master/README.md).
Cross-Site Request Forgery (CSRF) token in Ajax
----
When using another library to make Ajax calls, it is necessary to add
the security token as a default header for Ajax calls in your library. To get
the token:
```javascript
var token = document.getElementsByName('csrf-token')[0].content
```
You can then submit this token as a X-CSRF-Token in your header for your
Ajax requst. You do not need to add a CSRF for GET requests, only non-GET
requests.
You can read more about about Cross-Site Request Forgery in [Security](https://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf)
Other Resources
---------------