| Class | Rack::Protection::RemoteReferrer |
| In: |
lib/rack/protection/remote_referrer.rb
|
| Parent: | Base |
| Prevented attack: | CSRF |
| Supported browsers: | all |
| More infos: | en.wikipedia.org/wiki/Cross-site_request_forgery |
Does not accept unsafe HTTP requests if the Referer [sic] header is set to a different host.
Combine with NoReferrer to also block remote requests from non-HTTP pages (FTP/HTTPS/…).