Module: Roda::RodaPlugins::Csrf
- Defined in:
- lib/roda/plugins/csrf.rb
Overview
This plugin is no longer recommended for use; it exists only for backwards compatibility. Consider using the route_csrf plugin instead, as that provides stronger CSRF protection.
The csrf plugin adds CSRF protection using rack_csrf, along with some csrf helper methods to use in your views. To use it, load the plugin, with the options hash passed to Rack::Csrf:
plugin :csrf, raise: true
Optionally, you can choose not to set up the rack_csrf middleware on the Roda app if you already have one configured:
plugin :csrf, skip_middleware: true
This adds the following instance methods:
- csrf_field: The field name to use for the hidden/meta CSRF tag.
- csrf_header: The HTTP header name to use for submitting the CSRF token via headers (useful for JavaScript).
- csrf_metatag: An HTML meta tag string containing the token, suitable for placing in the page header.
- csrf_tag: An HTML hidden input tag string containing the token, suitable for placing in an HTML form.
- csrf_token: The value of the CSRF token, in case it needs to be accessed directly.
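These helpers support the synchronizer-token pattern: a per-session token is embedded in the page and must be echoed back on state-changing requests. The following is an added example, not code from Roda or rack_csrf: a simplified, stdlib-only Ruby model of that round trip, in which the CsrfModel module, the field and header names, the session key and the set of checked methods are assumptions made for illustration.

```ruby
require 'securerandom'
require 'cgi'

# Simplified model of synchronizer-token CSRF protection; NOT rack_csrf's code.
# FIELD, HEADER, the session key and UNSAFE are assumptions for this example.
module CsrfModel
  FIELD  = '_csrf'
  HEADER = 'X-CSRF-Token'
  UNSAFE = %w[POST PUT PATCH DELETE].freeze

  # Counterpart of csrf_token: one random token per session, created lazily.
  def self.token(session)
    session['csrf.token'] ||= SecureRandom.urlsafe_base64(32)
  end

  # Counterpart of csrf_tag: hidden input for HTML forms.
  def self.tag(session)
    %(<input type="hidden" name="#{FIELD}" value="#{CGI.escapeHTML(token(session))}" />)
  end

  # Counterpart of csrf_metatag: meta tag that page JavaScript can read.
  def self.metatag(session)
    %(<meta name="#{FIELD}" content="#{CGI.escapeHTML(token(session))}" />)
  end

  # Compare without stopping at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Server-side check: state-changing requests must echo the session token,
  # either as a form parameter or as a request header.
  def self.valid?(method, session, params: {}, headers: {})
    return true unless UNSAFE.include?(method)
    expected = session['csrf.token']
    given = params[FIELD] || headers[HEADER]
    return false unless expected.is_a?(String) && given.is_a?(String)
    secure_equal?(expected, given)
  end
end

# Constructed sample traffic.
session = {}
form_token = CsrfModel.tag(session)[/value="([^"]+)"/, 1]
puts CsrfModel.valid?('POST', session, params: { '_csrf' => form_token })         # form post
puts CsrfModel.valid?('POST', session, headers: { 'X-CSRF-Token' => form_token }) # JS request
puts CsrfModel.valid?('POST', session)                                 # no token echoed
puts CsrfModel.valid?('POST', {}, params: { '_csrf' => form_token })   # token from another session
```

A request forged from another site carries the victim's session cookie but cannot read the page that holds the token, which is why the last two calls are rejected.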
Defined Under Namespace
Modules: InstanceMethods
Constant Summary
- CSRF = ::Rack::Csrf
Class Method Summary
- .configure(app, opts = {}) ⇒ Object: Load the Rack::Csrf middleware into the app with the given options.
Class Method Details
.configure(app, opts = {}) ⇒ Object
Load the Rack::Csrf middleware into the app with the given options.
# File 'lib/roda/plugins/csrf.rb', line 37
def self.configure(app, opts={})
  return if opts[:skip_middleware]
  app.instance_exec do
    @middleware.each do |(mid, *rest), _|
      if mid.equal?(CSRF)
        rest[0].merge!(opts)
        build_rack_app
        return
      end
    end
    use CSRF, opts
  end
end