Module: Otto::Security::CSRFHelpers

Defined in:

lib/otto/security/csrf.rb

Instance Method Summary

• #csrf_form_tag ⇒ Object
• #csrf_meta_tag ⇒ Object
• #csrf_token ⇒ Object
• #csrf_token_key ⇒ Object

Instance Method Details

#csrf_form_tag ⇒ Object

# File 'lib/otto/security/csrf.rb', line 171

def csrf_form_tag
  %(<input type="hidden" name="#{csrf_token_key}" value="#{csrf_token}">)
end

#csrf_meta_tag ⇒ Object

# File 'lib/otto/security/csrf.rb', line 167

def csrf_meta_tag
  %(<meta name="csrf-token" content="#{csrf_token}">)
end

#csrf_token ⇒ Object

# File 'lib/otto/security/csrf.rb', line 155

def csrf_token
  if @csrf_token.nil? && otto.respond_to?(:security_config)
    session_id = otto.security_config.get_or_create_session_id(req)
    @csrf_token = otto.security_config.generate_csrf_token(session_id)
  end
  @csrf_token
end

#csrf_token_key ⇒ Object

# File 'lib/otto/security/csrf.rb', line 175

def csrf_token_key
  otto.respond_to?(:security_config) ?
    otto.security_config.csrf_token_key : '_csrf_token'
end