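# File lib/ramaze/helper/csrf.rb, line 99
#
# Checks the request's CSRF token for the listed actions and hands control to
# the caller's block when the token is rejected.
#
# Only actions named in +methods+ are checked; any action that is not listed
# runs without a token check, so every state-changing action has to be named
# explicitly (a misspelled name leaves that action unchecked without any error).
#
# This method does not stop the request itself. The block is the only thing
# that runs on a rejected token, so it must end the request (for example by
# responding with an error and halting); if the block simply returns, the
# action body continues as if the check had passed.
#
# @param methods [Array<String, Symbol>] names of the actions to protect
# @yield called when the current action is protected and
#   +validate_csrf_token+ returns a falsy value for the submitted token
# @return [Object, nil] the block's value when the token is rejected,
#   otherwise nil
# @raise [LocalJumpError] when the token is rejected and no block was given
def csrf_protection(*methods, &block)
  # Compare names as strings so that a String/Symbol mismatch between the
  # list and action.name cannot leave a listed action unprotected.
  protected_names = methods.map(&:to_s)
  return unless protected_names.include?(action.name.to_s)

  # THINK: For now the field name is hard-coded to "csrf_token". While
  #        this is perfectly fine in most cases it might be a good idea
  #        to allow developers to change the name of this field (for
  #        whatever the reason).
  #
  # NOTE(review): request.params presumably merges query-string and body
  # parameters, in which case a token sent in the URL can end up in logs and
  # Referer headers -- confirm against the request class. The comparison
  # itself lives in validate_csrf_token, which is not shown here.
  yield unless validate_csrf_token(request.params['csrf_token'])
end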