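# File lib/ramaze/helper/csrf.rb, line 188
#
# Checks a submitted CSRF token against the CSRF data kept in the session.
#
# The token is accepted only when all of the following hold:
#
# * the submitted value is a non-empty String equal to the stored token;
# * the stored token is not older than its TTL;
# * REMOTE_HOST, REMOTE_ADDR and HTTP_USER_AGENT of the current request equal
#   the values stored alongside the token.
#
# NOTE(review): if REMOTE_HOST is absent from the env both when the token is
# generated and now, nil == nil makes the host check a no-op. Confirm what
# generate_csrf_token stores before relying on it.
#
# @param  [String] input_token the token received with the request.
# @return [TrueClass|FalseClass] true when the token is valid for this
#  request, false otherwise.
def validate_csrf_token(input_token)
  # Generate the CSRF data if this has not been done yet (usually on the
  # first request).
  generate_csrf_token if !session[:_csrf] || session[:_csrf].empty?

  csrf     = session[:_csrf]
  expected = csrf[:token]

  # Fail closed: a missing or empty token on either side never validates.
  # Without this guard nil == nil (or "" == "") would count as a match.
  # Assumes generate_csrf_token stores the token as a String -- confirm.
  return false unless expected.is_a?(String) && input_token.is_a?(String)
  return false if expected.empty? || expected.bytesize != input_token.bytesize

  # Compare every byte instead of using String#==, which stops at the first
  # difference and so lets response timing depend on how much of the token
  # matched. Only the token length, which is not secret, is revealed above.
  # Rack::Utils.secure_compare does the same job if Rack is loaded here.
  difference = 0
  expected.bytes.zip(input_token.bytes) { |left, right| difference |= left ^ right }
  return false unless difference.zero?

  env = request.env

  # The remaining checks bind the token to its lifetime and to the client
  # details recorded when it was generated.
  (Time.now.to_f - csrf[:time]) <= csrf[:ttl] &&
    csrf[:host]  == env['REMOTE_HOST'] &&
    csrf[:ip]    == env['REMOTE_ADDR'] &&
    csrf[:agent] == env['HTTP_USER_AGENT']
end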