Module: Roda::RodaPlugins::FormeRouteCsrf::InstanceMethods

Defined in:
lib/roda/plugins/forme_route_csrf.rb


Instance Method Details

#form(obj = nil, attr = {}, opts = {}, &block) ⇒ Object

Create a Form object tied to the current output buffer, using the standard ERB hidden tags.



# File 'lib/roda/plugins/forme_route_csrf.rb', line 18

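# Create a Form object tied to the current output buffer, adding a hidden
# CSRF token field to the form's hidden tags when one is called for.
#
# Accepts either (attr, opts) or (obj, attr, opts): when the first argument
# is a Hash it is treated as the form attributes and the second argument as
# the options.
#
# Options read here (the options hash is otherwise passed on to Forme):
# :csrf :: true always adds the token field, false never adds it.  When the
#          option is absent, the field is added only if the form's request
#          method is listed in csrf_options[:check_request_methods].
#          This only decides whether the field is emitted; no submitted
#          token is checked in this method.
# :use_request_specific_token :: When true, csrf_token is passed the form's
#          action path and request method; when false it is called without
#          arguments.  Defaults to use_request_specific_csrf_tokens?.
# :hidden_tags :: Existing hidden tags; the CSRF field is appended to them.
#
# Returns whatever ::Forme::ERB::Form.form returns.
def form(obj=nil, attr={}, opts={}, &block)
  # Work on a shallow copy of the options so the caller's hash is not
  # modified when :hidden_tags and :output are set below.
  if obj.is_a?(Hash)
    attribs = obj
    options = attr = attr.dup
  else
    attribs = attr
    options = opts = opts.dup
  end

  apply_csrf = options[:csrf]

  # The request method is only needed when a token may be emitted, so skip
  # the lookup when the caller passed :csrf=>false.
  request_method = nil
  if apply_csrf || apply_csrf.nil?
    request_method = attribs[:method] || attribs['method']
    if !request_method && obj && !obj.is_a?(Hash) && obj.respond_to?(:forme_default_request_method)
      request_method = obj.forme_default_request_method
    end
  end

  # No explicit choice: emit the token only for request methods that are
  # listed as checked.  A missing method becomes "" and is matched as such.
  if apply_csrf.nil?
    apply_csrf = csrf_options[:check_request_methods].include?(request_method.to_s.upcase)
  end

  if apply_csrf
    token = if options.fetch(:use_request_specific_token){use_request_specific_csrf_tokens?}
      # Accept the action under a string key as well, as is done for the
      # method above.  Looking only at :action meant a form given
      # 'action'=>... got a token built from csrf_path(nil) instead of from
      # the path the form actually submits to.
      # NOTE(review): request_method can be nil here when :csrf=>true is
      # forced and neither the attributes nor obj supply a method.
      action = attribs[:action] || attribs['action']
      csrf_token(csrf_path(action), request_method)
    else
      csrf_token
    end

    # Array#+ builds a new array, so a :hidden_tags array supplied by the
    # caller is left untouched.
    options[:hidden_tags] ||= []
    options[:hidden_tags] += [{csrf_field=>token}]
  end

  options[:output] = @_out_buf if block
  ::Forme::ERB::Form.form(obj, attr, opts, &block)
end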