Module: Padrino::Helpers::FormHelpers::Security

Defined in:
padrino-helpers/lib/padrino-helpers/form_helpers/security.rb

Overview

Helpers to generate form security tags for csrf protection.

Instance Method Summary collapse

Instance Method Details

#csrf_meta_tagsString

Constructs meta tags `csrf-param` and `csrf-token` with the name of the cross-site request forgery protection parameter and token, respectively.

Examples:

csrf_meta_tags

Returns:

  • (String)

    The meta tags with the CSRF token and the param your app expects it in.



34
35
36
37
38
39
# File 'padrino-helpers/lib/padrino-helpers/form_helpers/security.rb', line 34

def csrf_meta_tags
  if is_protected_from_csrf?
    meta_tag(csrf_param, :name => 'csrf-param') <<
    meta_tag(csrf_token, :name => 'csrf-token')
  end
end

#csrf_token_fieldString

Constructs a hidden field containing a CSRF token.

Examples:

csrf_token_field

Parameters:

  • token (String)

    The token to use. Will be read from the session by default.

Returns:

  • (String)

    The hidden field with CSRF token as value.



21
22
23
# File 'padrino-helpers/lib/padrino-helpers/form_helpers/security.rb', line 21

def csrf_token_field
  hidden_field_tag csrf_param, :value => csrf_token
end