Expose CSRF tag for UJS adapters

2 files changed, 14 insertions, 0 deletions

diff --git a/actionpack/lib/action_view/helpers.rb b/actionpack/lib/action_view/helpers.rb
index ceb0e18d80..b4f649385a 100644
--- a/actionpack/lib/action_view/helpers.rb
+++ b/actionpack/lib/action_view/helpers.rb
@@ -7,6 +7,7 @@ module ActionView #:nodoc:
     autoload :AtomFeedHelper, 'action_view/helpers/atom_feed_helper'
     autoload :CacheHelper, 'action_view/helpers/cache_helper'
     autoload :CaptureHelper, 'action_view/helpers/capture_helper'
+    autoload :CsrfHelper, 'action_view/helpers/csrf_helper'
     autoload :DateHelper, 'action_view/helpers/date_helper'
     autoload :DebugHelper, 'action_view/helpers/debug_helper'
     autoload :FormHelper, 'action_view/helpers/form_helper'
@@ -40,6 +41,7 @@ module ActionView #:nodoc:
     include AtomFeedHelper
     include CacheHelper
     include CaptureHelper
+    include CsrfHelper
     include DateHelper
     include DebugHelper
     include FormHelper
diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb
new file mode 100644
index 0000000000..2d6af52180
--- /dev/null
+++ b/actionpack/lib/action_view/helpers/csrf_helper.rb
@@ -0,0 +1,12 @@
+module ActionView
+  module Helpers
+    module CsrfHelper
+      # Returns a meta tag with the request forgery protection token for forms to use. Put this in your head.
+      def csrf_meta_tag
+        if protect_against_forgery?
+          %(<meta name="csrf-token" content="#{Rack::Utils.escape(form_authenticity_token)}"/>).html_safe
+        end
+      end
+    end
+  end
+end