module Roda::RodaPlugins::FormeRouteCsrf::InstanceMethods
Private Instance Methods
_forme_form_options(obj, attr, opts)
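Add the CSRF token and hidden tag options if needed. When opts[:csrf] is not given, they are added only if the form's request method is listed in csrf_options[:check_request_methods]; an opts[:csrf] of false skips them.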
Calls superclass method
Forme::Template::Helper#_forme_form_options
# File lib/roda/plugins/forme_route_csrf.rb
#
# Add the CSRF token options and hidden input hooks to the form options,
# after calling the superclass method.
#
# opts[:csrf] decides whether a token is emitted:
# * false: nothing is added.
# * nil (not given): a token is added only when the form's request method,
#   upcased, is included in csrf_options[:check_request_methods].
# * any other truthy value: a token is always added.
#
# The request method is attr[:method], then attr['method'], then
# obj.forme_default_request_method when obj is a non-Hash object that
# responds to it.
#
# With request-specific tokens (opts[:use_request_specific_token], falling
# back to use_request_specific_csrf_tokens?), the token is requested for
# csrf_path(attr[:action]) and the request method; otherwise csrf_token is
# called without arguments.
#
# Mutates opts: sets :csrf and :_before and, when request-specific tokens
# are in use and csrf_options[:formaction_field] is set, also :formactions,
# :formaction_tokens, :formaction_csrfs and :_after.
def _forme_form_options(obj, attr, opts)
  super

  csrf_opt = opts[:csrf]
  undecided = csrf_opt.nil?

  # Only an explicit false skips the request-method lookup.
  http_method = nil
  if csrf_opt || undecided
    http_method = attr[:method] || attr['method']
    if !http_method && obj && !obj.is_a?(Hash) && obj.respond_to?(:forme_default_request_method)
      http_method = obj.forme_default_request_method
    end
  end

  # A missing method becomes "" here, so the membership test passes only if
  # the configured list itself contains "".
  csrf_opt = csrf_options[:check_request_methods].include?(http_method.to_s.upcase) if undecided
  return unless csrf_opt

  per_request = opts.fetch(:use_request_specific_token) { use_request_specific_csrf_tokens? }

  # NOTE(review): only the symbol key :action is read, while the method
  # lookup above also accepts the string key 'method' -- confirm that a
  # string-keyed 'action' cannot reach this point.
  token =
    if per_request
      csrf_token(csrf_path(attr[:action]), http_method)
    else
      csrf_token
    end

  opts[:csrf] = [csrf_field, token]

  # NOTE(review): this replaces any :_before hook already present in opts,
  # whereas an existing :_after hook is kept and called below -- confirm
  # that the difference is intended.
  opts[:_before] = ->(form) { form.tag(:input, type: :hidden, name: csrf_field, value: token) }

  return unless per_request

  fa_field = csrf_options[:formaction_field]
  return unless fa_field

  # Both collections start empty and are shared with the closure below; the
  # closure reads +pending+ only when it is called (presumably after other
  # code has appended [action, method] pairs -- verify against the caller).
  pending = opts[:formactions] = []
  issued = opts[:formaction_tokens] = {}
  prior_after = opts[:_after]
  opts[:formaction_csrfs] = [fa_field, issued]

  # Second read of the same option the guard above already fetched; the
  # closure below uses this value for the hidden input names.
  fa_field = csrf_options[:formaction_field]

  opts[:_after] = lambda do |form|
    # One token and one hidden input per recorded formaction, each token
    # requested for that action's path and method.
    pending.each do |action, fa_method|
      path = csrf_path(action)
      fa_token = csrf_token(path, fa_method)
      issued[path] = fa_token
      form.tag(:input, type: :hidden, name: "#{fa_field}[#{path}]", value: fa_token)
    end
    prior_after.call(form) if prior_after
  end
end