diff options
author | Piotr Sarnacki <drogus@gmail.com> | 2013-06-20 15:42:49 -0700 |
---|---|---|
committer | Piotr Sarnacki <drogus@gmail.com> | 2013-06-20 15:42:49 -0700 |
commit | a29f746398e7b0647885343e7f26d977dd251999 (patch) | |
tree | 1e2cd2ee1f8f31812c0acf71350ffe423ca8c5a9 /actionview/lib/action_view/helpers/csrf_helper.rb | |
parent | 7c69a829a311a31109939cff19b700b36b97d5c4 (diff) | |
parent | d6b1caa8f2011487c08b414605883f1f220d0aaa (diff) | |
download | rails-a29f746398e7b0647885343e7f26d977dd251999.tar.gz rails-a29f746398e7b0647885343e7f26d977dd251999.tar.bz2 rails-a29f746398e7b0647885343e7f26d977dd251999.zip |
Merge pull request #11032 from strzalek/extract-actionview
Extract ActionView to separate directory
Diffstat (limited to 'actionview/lib/action_view/helpers/csrf_helper.rb')
-rw-r--r-- | actionview/lib/action_view/helpers/csrf_helper.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/actionview/lib/action_view/helpers/csrf_helper.rb b/actionview/lib/action_view/helpers/csrf_helper.rb new file mode 100644 index 0000000000..eeb0ed94b9 --- /dev/null +++ b/actionview/lib/action_view/helpers/csrf_helper.rb @@ -0,0 +1,30 @@ +module ActionView + # = Action View CSRF Helper + module Helpers + module CsrfHelper + # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site + # request forgery protection parameter and token, respectively. + # + # <head> + # <%= csrf_meta_tags %> + # </head> + # + # These are used to generate the dynamic forms that implement non-remote links with + # <tt>:method</tt>. + # + # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, + # so they do not use these tags. + def csrf_meta_tags + if protect_against_forgery? + [ + tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token), + tag('meta', :name => 'csrf-token', :content => form_authenticity_token) + ].join("\n").html_safe + end + end + + # For backwards compatibility. + alias csrf_meta_tag csrf_meta_tags + end + end +end |