This plugin is no longer recommended for use; it exists only for backwards compatibility. Consider using the route_csrf plugin instead, as that provides stronger CSRF protection.
The csrf plugin adds CSRF protection using rack_csrf, along with some CSRF helper methods to use in your views. To use it, load the plugin, with the options hash passed to Rack::Csrf:
  plugin :csrf, raise: true
Optionally, you can choose not to set up the rack_csrf middleware on the Roda app if you already have one configured:
  plugin :csrf, skip_middleware: true
This adds the following instance methods:
csrf_field | The field name to use for the hidden/meta CSRF tag. |
csrf_header | The HTTP header name to use for submitting the CSRF token via headers (useful for JavaScript). |
csrf_metatag | An HTML meta tag string containing the token, suitable for placing in the page header. |
csrf_tag | An HTML hidden input tag string containing the token, suitable for placing in an HTML form. |
csrf_token | The value of the CSRF token, in case it needs to be accessed directly. |
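Added example, not code from Roda or rack_csrf: a dependency-free stand-in for the session-token check that the plugin delegates to the middleware, showing where the values behind csrf_token, csrf_field and csrf_header are consumed and what `raise: true` changes. The field, header and session-key names are assumed defaults, and `TokenCheck`, `request` and `INNER` are hypothetical names.

```ruby
require "securerandom"
require "stringio"
require "uri"

# Simplified stand-in for the middleware's token check (not rack_csrf's code).
class TokenCheck
  class InvalidToken < StandardError; end

  FIELD  = "_csrf"              # assumed default form field name (csrf_field)
  HEADER = "HTTP_X_CSRF_TOKEN"  # assumed default header (csrf_header) as seen in the Rack env
  KEY    = "csrf.token"         # assumed session key holding the token
  UNSAFE = %w[POST PUT PATCH DELETE].freeze

  def initialize(app, opts = {})
    @app = app
    @raise = opts[:raise]
  end

  # Per-session token: the value csrf_token returns and csrf_tag embeds.
  def self.token(env)
    env["rack.session"][KEY] ||= SecureRandom.urlsafe_base64(32)
  end

  def call(env)
    expected = self.class.token(env)
    return @app.call(env) unless UNSAFE.include?(env["REQUEST_METHOD"])
    form = URI.decode_www_form(env["rack.input"].read).to_h
    env["rack.input"].rewind
    sent = form[FIELD] || env[HEADER]
    return @app.call(env) if sent && same?(sent, expected)
    raise InvalidToken if @raise # raise: true surfaces the failure as an exception
    [403, { "content-type" => "text/plain" }, ["Forbidden"]]
  end

  private

  # Length check plus XOR fold, so comparison time does not depend on content.
  def same?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed Rack env for the demo; a plain Hash stands in for rack.session.
def request(stack, method, session, body: "", headers: {})
  stack.call({ "REQUEST_METHOD" => method, "rack.session" => session,
               "rack.input" => StringIO.new(body) }.merge(headers))
end
INNER = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }
```

With `raise: true` the application needs an error handler that turns the exception into a response; without it the stand-in answers 403 directly.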
Constants
CSRF = ::Rack::Csrf
Public Class methods
Load the Rack::Csrf middleware into the app with the given options.
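  # File lib/roda/plugins/csrf.rb
  def self.configure(app, opts={})
    # Leave the middleware stack alone when the app already sets up Rack::Csrf itself.
    return if opts[:skip_middleware]
    app.instance_exec do
      # If Rack::Csrf is already in the stack, merge the new options into
      # its existing options and rebuild the Rack app.
      @middleware.each do |(mid, *rest), _|
        if mid.equal?(CSRF)
          rest[0].merge!(opts)
          build_rack_app
          return
        end
      end
      # Otherwise add Rack::Csrf to the stack with the given options.
      use CSRF, opts
    end
  end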