You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: guides/source/working_with_javascript_in_rails.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -304,6 +304,8 @@ added to the form that the `button_to` helper renders internally:
304
304
When making non-GET requests from JavaScript the `X-CSRF-Token` header is required.
305
305
Without this header requests won't be accepted by Rails.
306
306
307
+
NOTE: This token is required by Rails to prevent Cross-Site Request Forgery (CSRF) attacks. Read more in the [security guide](security.html#cross-site-request-forgery-csrf).
308
+
307
309
[Rails Request.JS](https://github.com/rails/request.js) encapsulates the logic
308
310
of adding the request headers that are required by Rails. Just
309
311
import the `FetchRequest` class from the package and instantiate it
0 commit comments