Module: Otto::Security::CSRFHelpers

Defined in:

lib/otto/security/csrf.rb

Overview

Helper methods for CSRF token handling in views and controllers

Instance Method Summary

• #csrf_form_tag ⇒ Object
• #csrf_meta_tag ⇒ Object
• #csrf_token ⇒ Object
• #csrf_token_key ⇒ Object

Instance Method Details

#csrf_form_tag ⇒ Object

# File 'lib/otto/security/csrf.rb', line 29

def csrf_form_tag
  %(<input type="hidden" name="#{csrf_token_key}" value="#{csrf_token}">)
end

#csrf_meta_tag ⇒ Object

# File 'lib/otto/security/csrf.rb', line 25

def csrf_meta_tag
  %(<meta name="csrf-token" content="#{csrf_token}">)
end

#csrf_token ⇒ Object

# File 'lib/otto/security/csrf.rb', line 17

def csrf_token
  if @csrf_token.nil? && otto.respond_to?(:security_config)
    session_id  = otto.security_config.get_or_create_session_id(req)
    @csrf_token = otto.security_config.generate_csrf_token(session_id)
  end
  @csrf_token
end

#csrf_token_key ⇒ Object

# File 'lib/otto/security/csrf.rb', line 33

def csrf_token_key
  if otto.respond_to?(:security_config)
    otto.security_config.csrf_token_key
  else
    '_csrf_token'
  end
end