Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibility
Showing 7 changed files with 34 additions and 14 deletions.
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1,14 +1,30 @@ | |||
require 'active_support/core_ext/string/strip' | |||
|
|||
module ActionView | module ActionView | ||
# = Action View CSRF Helper | # = Action View CSRF Helper | ||
module Helpers | module Helpers | ||
module CsrfHelper | module CsrfHelper | ||
# Returns a meta tag with the cross-site request forgery protection token | # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site | ||
# for forms to use. Place this in your head. | # request forgery protection parameter and token, respectively. | ||
def csrf_meta_tag | # | ||
if protect_against_forgery? | # <head> | ||
%(<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/>\n<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/>).html_safe | # <%= csrf_meta_tags %> | ||
end | # </head> | ||
# | |||
# These are used to generate the dynamic forms that implement non-remote links with | |||
# <tt>:method</tt>. | |||
# | |||
# Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, | |||
# so they do not use these tags. | |||
def csrf_meta_tags | |||
<<-METAS.strip_heredoc.html_safe if protect_against_forgery? | |||
<meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/> | |||
<meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/> | |||
METAS | |||
end | end | ||
|
|||
# For backwards compatibility. | |||
alias csrf_meta_tag csrf_meta_tags | |||
end | end | ||
end | end | ||
end | end |
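Review bot: the `html_safe` on the heredoc in `csrf_meta_tags` is only sound because both interpolated values (`request_forgery_protection_token` and `form_authenticity_token`) pass through `Rack::Utils.escape_html`; a comment stating that invariant next to the heredoc would stop a later edit from interpolating an unescaped value into a string that is then marked safe. Separately, the new doc comment ("Ajax calls are whitelisted, so they do not use these tags") describes behaviour that lives in the controller-side forgery protection, not in this helper, so consider pointing at that whitelist explicitly so the two stay in sync if the policy changes. The `alias csrf_meta_tag csrf_meta_tags` line is fine for compatibility, but the "For backwards compatibility." comment could say whether the singular name is deprecated.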