module Roda::RodaPlugins::Csrf
The csrf plugin adds CSRF
protection using rack_csrf, along with some csrf helper methods to use in your views. To use it, load the plugin, with the options hash passed to Rack::Csrf:
plugin :csrf, :raise=>true
This adds the following instance methods:
- csrf_field
-
The field name to use for the hidden/meta csrf tag.
- csrf_header
-
The http header name to use for submitting csrf token via headers (useful for javascript).
- csrf_metatag
-
An html meta tag string containing the token, suitable for placing in the page header
- csrf_tag
-
An html hidden input tag string containing the token, suitable for placing in an html form.
- csrf_token
-
The value of the csrf token, in case it needs to be accessed directly.
Constants
- CSRF
Public Class Methods
configure(app, opts={})
click to toggle source
Load the Rack::Csrf middleware into the app with the given options.
# File lib/roda/plugins/csrf.rb, line 26 def self.configure(app, opts={}) app.use CSRF, opts end