module Roda::RodaPlugins::FormeRouteCsrf::InstanceMethods

  1. lib/roda/plugins/forme_route_csrf.rb

Methods

Public Instance

  1. form

Public Instance methods

form (obj=nil, attr={}, opts={}, &block)

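Create a Form object tied to the current output buffer, using the standard ERB hidden tags. A hidden CSRF token field is added when the :csrf option is true or, if :csrf is not given, when the form's request method is one of csrf_options[:check_request_methods]; passing :csrf=>false omits the token.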

   # File lib/roda/plugins/forme_route_csrf.rb
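# Create a form via _forme_form_class, adding a hidden CSRF token field
# when CSRF protection applies to the form.
#
# obj  :: Either the form's attribute hash, or the object the form is for.
# attr :: The options hash when +obj+ is a Hash, otherwise the attribute hash.
# opts :: The options hash when +obj+ is not a Hash.
#
# Options read here:
# :csrf :: +false+ omits the token, a truthy value forces it, and +nil+
#          (unset) adds it only when the form's request method is listed in
#          csrf_options[:check_request_methods].
# :use_request_specific_token :: Overrides use_request_specific_csrf_tokens?
#                                for this form.
# :hidden_tags :: Existing hidden tags; the CSRF tag is appended to a copy.
#
# A form with no method attribute (and no object default) is compared as the
# empty string, so it gets no token unless :csrf is set explicitly.
def form(obj=nil, attr={}, opts={}, &block)
  # Whichever hash carries the options is duplicated, so the caller's hash
  # does not receive the :csrf, :hidden_tags and :output entries set below.
  if obj.is_a?(Hash)
    attribs = obj
    options = attr = attr.dup
  else
    attribs = attr
    options = opts = opts.dup
  end

  apply_csrf = options[:csrf]

  # The request method is only needed when a token may be generated.
  if apply_csrf || apply_csrf.nil?
    request_method = attribs[:method] || attribs['method']
    if !request_method && obj && !obj.is_a?(Hash) && obj.respond_to?(:forme_default_request_method)
      request_method = obj.forme_default_request_method
    end
  end

  if apply_csrf.nil?
    apply_csrf = csrf_options[:check_request_methods].include?(request_method.to_s.upcase)
  end

  if apply_csrf
    token = if options.fetch(:use_request_specific_token){use_request_specific_csrf_tokens?}
      # Accept the action under either key type, matching the method lookup
      # above.  A string-keyed 'action' used to be ignored, so the token was
      # computed from a nil action instead of the form's real target.
      csrf_token(csrf_path(attribs[:action] || attribs['action']), request_method)
    else
      csrf_token
    end

    options[:csrf] = [csrf_field, token]
    # Build a new array rather than appending in place: options is a shallow
    # copy, so an in-place append would modify the caller's :hidden_tags array.
    options[:hidden_tags] = (options[:hidden_tags] || []) + [{csrf_field=>token}]
  end

  options[:output] = @_out_buf if block
  _forme_form_options(options)
  _forme_form_class.form(obj, attr, opts, &block)
end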