diff options
| author | Piotr Sarnacki <drogus@gmail.com> | 2013-05-04 15:09:22 +0200 |
|---|---|---|
| committer | Łukasz Strzałkowski <lukasz.strzalkowski@gmail.com> | 2013-06-20 17:23:15 +0200 |
| commit | 0d6e8edc2a47a4b4c6824936632bfb83850db343 (patch) | |
| tree | 8829bfb94756e48e9489c4e8d22bb41df251bc81 /actionview/lib/action_view/helpers/csrf_helper.rb | |
| parent | 78b0934dd1bb84e8f093fb8ef95ca99b297b51cd (diff) | |
| download | rails-0d6e8edc2a47a4b4c6824936632bfb83850db343.tar.gz rails-0d6e8edc2a47a4b4c6824936632bfb83850db343.tar.bz2 rails-0d6e8edc2a47a4b4c6824936632bfb83850db343.zip | |
Move actionpack/lib/action_view* into actionview/lib
Diffstat (limited to 'actionview/lib/action_view/helpers/csrf_helper.rb')
| -rw-r--r-- | actionview/lib/action_view/helpers/csrf_helper.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/actionview/lib/action_view/helpers/csrf_helper.rb b/actionview/lib/action_view/helpers/csrf_helper.rb new file mode 100644 index 0000000000..eeb0ed94b9 --- /dev/null +++ b/actionview/lib/action_view/helpers/csrf_helper.rb @@ -0,0 +1,30 @@ +module ActionView + # = Action View CSRF Helper + module Helpers + module CsrfHelper + # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site + # request forgery protection parameter and token, respectively. + # + # <head> + # <%= csrf_meta_tags %> + # </head> + # + # These are used to generate the dynamic forms that implement non-remote links with + # <tt>:method</tt>. + # + # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, + # so they do not use these tags. + def csrf_meta_tags + if protect_against_forgery? + [ + tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token), + tag('meta', :name => 'csrf-token', :content => form_authenticity_token) + ].join("\n").html_safe + end + end + + # For backwards compatibility. + alias csrf_meta_tag csrf_meta_tags + end + end +end |