Sha256: 5b025f6652ef8e44698a420fcc4e6073d168fe25a7c01116db89239a11e50a0b
Contents?: true
Size: 1.16 KB
Versions: 23
Compression:
Stored size: 1.16 KB
Contents
# frozen_string_literal: true
module ActionView
module Helpers # :nodoc:
# = Action View CSRF \Helpers
module CsrfHelper
# Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
# request forgery protection parameter and token, respectively.
#
# <head>
# <%= csrf_meta_tags %>
# </head>
#
# These are used to generate the dynamic forms that implement non-remote links with
# <tt>:method</tt>.
#
# You don't need to use these tags for regular forms as they generate their own hidden fields.
#
# For Ajax requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
# +X-CSRF-Token+ HTTP header.
#
def csrf_meta_tags
if defined?(protect_against_forgery?) && protect_against_forgery?
[
tag("meta", name: "csrf-param", content: request_forgery_protection_token),
tag("meta", name: "csrf-token", content: form_authenticity_token)
].join("\n").html_safe
end
end
# For backwards compatibility.
alias csrf_meta_tag csrf_meta_tags
end
end
end
Version data entries
23 entries across 23 versions & 2 rubygems