Module: Cuba::CSRF

Defined in:: lib/cuba/csrf.rb

Instance Method Summary collapse

#csrf_form_tag ⇒ Object (also: #csrf_tag)
#csrf_meta_tag ⇒ Object
#csrf_safe? ⇒ Boolean
#csrf_token ⇒ Object

Instance Method Details

#csrf_form_tag ⇒ `Object` Also known as: csrf_tag



15
16
17

# File 'lib/cuba/csrf.rb', line 15

def csrf_form_tag
  %Q(<input type="hidden" name="csrf_token" value="#{csrf_token}">)
end

#csrf_meta_tag ⇒ `Object`



20
21
22

# File 'lib/cuba/csrf.rb', line 20

def csrf_meta_tag
  %Q(<meta name="csrf_token" content="#{csrf_token}">)
end

#csrf_safe? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/cuba/csrf.rb', line 5

def csrf_safe?
  req.get? || req.head? ||
    req[:csrf_token] == csrf_token ||
    env["HTTP_X_CSRF_TOKEN"] == csrf_token
end

#csrf_token ⇒ `Object`



11
12
13

# File 'lib/cuba/csrf.rb', line 11

def csrf_token
  session[:csrf_token] ||= SecureRandom.base64(32)
end

Module: Cuba::CSRF

Instance Method Summary collapse

Instance Method Details

#csrf_form_tag ⇒ Object Also known as: csrf_tag

#csrf_meta_tag ⇒ Object

#csrf_safe? ⇒ Boolean

#csrf_token ⇒ Object

#csrf_form_tag ⇒ `Object` Also known as: csrf_tag

#csrf_meta_tag ⇒ `Object`

#csrf_safe? ⇒ `Boolean`

#csrf_token ⇒ `Object`