module Roda::RodaPlugins::Csrf

  1. lib/roda/plugins/csrf.rb

The csrf plugin adds CSRF protection using rack_csrf, along with some csrf helper methods to use in your views. To use it, load the plugin, with the options hash passed to Rack::Csrf:

plugin :csrf, :raise=>true

This adds the following instance methods:

csrf_field

The field name to use for the hidden/meta csrf tag.

csrf_header

The http header name to use for submitting csrf token via headers (useful for javascript).

csrf_metatag

An html meta tag string containing the token, suitable for placing in the page header

csrf_tag

An html hidden input tag string containing the token, suitable for placing in an html form.

csrf_token

The value of the csrf token, in case it needs to be accessed directly.

Methods

Public Class

  1. configure

Constants

CSRF = ::Rack::Csrf  

Public Class methods

configure (app, opts={})

Load the Rack::Csrf middleware into the app with the given options.

[show source]
# File lib/roda/plugins/csrf.rb, line 27
def self.configure(app, opts={})
  app.instance_exec do
    @middleware.each do |(mid, *rest), _|
      if mid.equal?(CSRF)
        rest[0].merge!(opts)
        build_rack_app
        return
      end
    end
    use CSRF, opts
  end
end