module Roda::RodaPlugins::FormeRouteCsrf::InstanceMethods

  1. lib/roda/plugins/forme_route_csrf.rb

Methods

Public Instance

  1. form

Public Instance methods

form (obj=nil, attr={}, opts={}, &block)

Create a Form object tied to the current output buffer, using the standard ERB hidden tags.

[show source]
# File lib/roda/plugins/forme_route_csrf.rb, line 17
def form(obj=nil, attr={}, opts={}, &block)
  if obj.is_a?(Hash)
    attribs = obj
    options = attr = attr.dup
  else
    attribs = attr
    options = opts = opts.dup
  end

  apply_csrf = options[:csrf]

  if apply_csrf || apply_csrf.nil?
    unless method = attribs[:method] || attribs['method']
      if obj && !obj.is_a?(Hash) && obj.respond_to?(:forme_default_request_method)
        method = obj.forme_default_request_method
      end
    end
  end

  if apply_csrf.nil?
    apply_csrf = csrf_options[:check_request_methods].include?(method.to_s.upcase)
  end

  if apply_csrf
    token = if options.fetch(:use_request_specific_token){use_request_specific_csrf_tokens?}
      csrf_token(csrf_path(attribs[:action]), method)
    else
      csrf_token
    end

    options[:hidden_tags] ||= []
    options[:hidden_tags] += [{csrf_field=>token}]
  end

  options[:output] = @_out_buf if block
  ::Forme::ERB::Form.form(obj, attr, opts, &block)
end