Module: Roda::RodaPlugins::FormeRouteCsrf::InstanceMethods
- Defined in:
- lib/roda/plugins/forme_route_csrf.rb
Instance Method Summary collapse
-
#form(obj = nil, attr = {}, opts = {}, &block) ⇒ Object
Create a
Form
object tied to the current output buffer, using the standard ERB hidden tags.
Instance Method Details
#form(obj = nil, attr = {}, opts = {}, &block) ⇒ Object
Create a Form
object tied to the current output buffer, using the standard ERB hidden tags.
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'lib/roda/plugins/forme_route_csrf.rb', line 18 def form(obj=nil, attr={}, opts={}, &block) if obj.is_a?(Hash) attribs = obj = attr = attr.dup else attribs = attr = opts = opts.dup end apply_csrf = [:csrf] if apply_csrf || apply_csrf.nil? unless method = attribs[:method] || attribs['method'] if obj && !obj.is_a?(Hash) && obj.respond_to?(:forme_default_request_method) method = obj.forme_default_request_method end end end if apply_csrf.nil? apply_csrf = [:check_request_methods].include?(method.to_s.upcase) end if apply_csrf token = if .fetch(:use_request_specific_token){use_request_specific_csrf_tokens?} csrf_token(csrf_path(attribs[:action]), method) else csrf_token end [:hidden_tags] ||= [] [:hidden_tags] += [{csrf_field=>token}] end [:output] = @_out_buf if block ::Forme::ERB::Form.form(obj, attr, opts, &block) end |