Module: Padrino::Helpers::FormHelpers::Security

Defined in:: padrino-helpers/lib/padrino-helpers/form_helpers/security.rb

Overview

Helpers to generate form security tags for csrf protection.

Instance Method Summary collapse

#csrf_meta_tags ⇒ String

Constructs meta tags ‘csrf-param` and `csrf-token` with the name of the cross-site request forgery protection parameter and token, respectively.
#csrf_token_field ⇒ String

Constructs a hidden field containing a CSRF token.

Instance Method Details

#csrf_meta_tags ⇒ `String`

Constructs meta tags ‘csrf-param` and `csrf-token` with the name of the cross-site request forgery protection parameter and token, respectively.

Examples:

csrf_meta_tags

Returns:

(String) —

The meta tags with the CSRF token and the param your app expects it in.

# File 'padrino-helpers/lib/padrino-helpers/form_helpers/security.rb', line 34

def csrf_meta_tags
  if is_protected_from_csrf?
    meta_tag(csrf_param, :name => 'csrf-param') <<
    meta_tag(csrf_token, :name => 'csrf-token')
  end
end

#csrf_token_field ⇒ `String`

Constructs a hidden field containing a CSRF token.

Examples:

csrf_token_field

Parameters:

token (String) —

The token to use. Will be read from the session by default.

Returns:

(String) —

The hidden field with CSRF token as value.



21
22
23

# File 'padrino-helpers/lib/padrino-helpers/form_helpers/security.rb', line 21

def csrf_token_field
  hidden_field_tag csrf_param, :value => csrf_token
end

Module: Padrino::Helpers::FormHelpers::Security

Overview

Instance Method Summary collapse

Instance Method Details

#csrf_meta_tags ⇒ String

Examples:

#csrf_token_field ⇒ String

Examples:

#csrf_meta_tags ⇒ `String`

#csrf_token_field ⇒ `String`