Sha256: a76e6c8775ac9877efc9334e93e20c8ee828a7dd09e51bf2ae191a3db4c9afb2
Contents?: true
Size: 1.78 KB
Versions: 21
Compression:
Stored size: 1.78 KB
Contents
require 'rack/csrf'
class Roda
module RodaPlugins
# The csrf plugin adds CSRF protection using rack_csrf, along with
# some csrf helper methods to use in your views. To use it, load
# the plugin, with the options hash passed to Rack::Csrf:
#
# plugin :csrf, :raise=>true
#
# This adds the following instance methods:
#
# csrf_field :: The field name to use for the hidden/meta csrf tag.
# csrf_header :: The http header name to use for submitting csrf token via
# headers (useful for javascript).
# csrf_metatag :: An html meta tag string containing the token, suitable
# for placing in the page header
# csrf_tag :: An html hidden input tag string containing the token, suitable
# for placing in an html form.
# csrf_token :: The value of the csrf token, in case it needs to be accessed
# directly.
module Csrf
CSRF = ::Rack::Csrf
# Load the Rack::Csrf middleware into the app with the given options.
def self.configure(app, opts={})
app.use CSRF, opts
end
module InstanceMethods
# The name of the hidden/meta csrf tag.
def csrf_field
CSRF.field
end
# The http header name to use for submitting csrf token via headers.
def csrf_header
CSRF.header
end
# An html meta tag string containing the token.
def csrf_metatag(opts={})
CSRF.metatag(env, opts)
end
# An html hidden input tag string containing the token.
def csrf_tag
CSRF.tag(env)
end
# The value of the csrf token.
def csrf_token
CSRF.token(env)
end
end
end
register_plugin(:csrf, Csrf)
end
end
Version data entries
21 entries across 21 versions & 2 rubygems