diff options
| author | Ben Toews <mastahyeti@users.noreply.github.com> | 2016-01-04 12:23:55 -0700 |
|---|---|---|
| committer | Ben Toews <mastahyeti@users.noreply.github.com> | 2016-01-04 12:26:38 -0700 |
| commit | 3e98819e20bc113343d4d4c0df614865ad5a9d3a (patch) | |
| tree | fa003a9cbbec97f7d1cdb9a87a2c065473ad2e4d /actionview/lib/action_view/helpers/url_helper.rb | |
| parent | e165f7fa6044926796c9d9a8bb9a81bc78431d4f (diff) | |
| download | rails-3e98819e20bc113343d4d4c0df614865ad5a9d3a.tar.gz rails-3e98819e20bc113343d4d4c0df614865ad5a9d3a.tar.bz2 rails-3e98819e20bc113343d4d4c0df614865ad5a9d3a.zip | |
add option for per-form CSRF tokens
Diffstat (limited to 'actionview/lib/action_view/helpers/url_helper.rb')
| -rw-r--r-- | actionview/lib/action_view/helpers/url_helper.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb index baebc34b4b..3a4561a083 100644 --- a/actionview/lib/action_view/helpers/url_helper.rb +++ b/actionview/lib/action_view/helpers/url_helper.rb @@ -311,7 +311,11 @@ module ActionView form_options[:action] = url form_options[:'data-remote'] = true if remote - request_token_tag = form_method == 'post' ? token_tag : '' + request_token_tag = if form_method == 'post' + token_tag(nil, form_options: form_options) + else + '' + end html_options = convert_options_to_data_attributes(options, html_options) html_options['type'] = 'submit' @@ -579,9 +583,9 @@ module ActionView html_options["data-method"] = method end - def token_tag(token=nil) + def token_tag(token=nil, form_options: {}) if token != false && protect_against_forgery? - token ||= form_authenticity_token + token ||= form_authenticity_token(form_options: form_options) tag(:input, type: "hidden", name: request_forgery_protection_token.to_s, value: token) else '' |