Module | ActionView::Helpers::CsrfHelper |
In: |
lib/action_view/helpers/csrf_helper.rb
|
Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site request forgery protection parameter and token, respectively.
<head> <%= csrf_meta_tags %> </head>
These are used to generate the dynamic forms that implement non-remote links with :method.
Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, so they do not use these tags.