Module: Padrino::Helpers::FormHelpers::Security

Defined in:
padrino-helpers/lib/padrino-helpers/form_helpers/security.rb

Overview

Helpers to generate form security tags for CSRF protection.

Instance Method Details

#csrf_meta_tags ⇒ String

Constructs meta tags `csrf-param` and `csrf-token` with the name of the cross-site request forgery protection parameter and token, respectively.

Examples:

csrf_meta_tags

Returns:

  • (String)

    The meta tags with the CSRF token and the param your app expects it in.



# File 'padrino-helpers/lib/padrino-helpers/form_helpers/security.rb', line 34

def csrf_meta_tags
  if is_protected_from_csrf?
    meta_tag(csrf_param, :name => 'csrf-param') <<
    meta_tag(csrf_token, :name => 'csrf-token')
  end
end

#csrf_token_field ⇒ String

Constructs a hidden field containing a CSRF token.

Examples:

csrf_token_field

Parameters:

  • token (String)

    The token to use. Will be read from the session by default.

Returns:

  • (String)

    The hidden field with CSRF token as value.



# File 'padrino-helpers/lib/padrino-helpers/form_helpers/security.rb', line 21

def csrf_token_field
  hidden_field_tag csrf_param, :value => csrf_token
end
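
A defensive check built on the two helpers above, added here as an example and not part of Padrino: it reads the parameter name from the `csrf-param` meta tag and reports every non-GET form in a rendered page that lacks a hidden field with that name. The function names, the parameter name `authenticity_token`, and the token values in the sample page are constructed for illustration.

```ruby
# Added example (not Padrino code): audit rendered HTML for state-changing
# forms that lack the hidden field csrf_token_field would have emitted.
def attr_value(tag, name)
  m = tag.match(/\s#{Regexp.escape(name)}\s*=\s*(?:"([^"]*)"|'([^']*)')/i)
  m && (m[1] || m[2])
end

# Read the parameter name from the csrf-param meta tag; nil if the tag is absent.
def csrf_param_from(html)
  html.scan(/<meta\b[^>]*>/i).each do |tag|
    return attr_value(tag, 'content') if attr_value(tag, 'name') == 'csrf-param'
  end
  nil
end

# Return the action of every non-GET form that has no non-empty hidden token field.
def forms_missing_csrf_field(html)
  param = csrf_param_from(html)
  html.scan(/<form\b[^>]*>.*?<\/form>/im).each_with_object([]) do |form, missing|
    open_tag = form[/<form\b[^>]*>/i]
    method = (attr_value(open_tag, 'method') || 'get').downcase
    next if method == 'get'
    has_token = !param.nil? && form.scan(/<input\b[^>]*>/i).any? { |input|
      attr_value(input, 'type').to_s.downcase == 'hidden' &&
        attr_value(input, 'name') == param &&
        !attr_value(input, 'value').to_s.empty?
    }
    missing << (attr_value(open_tag, 'action') || '(no action)') unless has_token
  end
end

# Constructed sample page: one GET form, one protected POST, one unprotected POST.
SAMPLE_HTML = <<~HTML
  <head>
    <meta content="authenticity_token" name="csrf-param" />
    <meta content="c2FtcGxlLXRva2Vu" name="csrf-token" />
  </head>
  <body>
    <form action="/search" method="get"><input type="text" name="q" /></form>
    <form action="/posts" method="post">
      <input type="hidden" name="authenticity_token" value="c2FtcGxlLXRva2Vu" />
    </form>
    <form action="/account/delete" method="post">
      <input type="submit" value="Delete" />
    </form>
  </body>
HTML

puts forms_missing_csrf_field(SAMPLE_HTML).inspect if __FILE__ == $PROGRAM_NAME
```

When the meta tags are absent, which is what `csrf_meta_tags` produces if `is_protected_from_csrf?` is false, the check has no parameter name to look for and flags every non-GET form.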