module Roda::RodaPlugins::Csrf

This plugin is no longer recommended for use, it exists only for backwards compatibility. Consider using the route_csrf plugin instead, as that provides stronger CSRF protection.

The csrf plugin adds CSRF protection using rack_csrf, along with some csrf helper methods to use in your views. To use it, load the plugin, with the options hash passed to Rack::Csrf:

plugin :csrf, raise: true

Optionally you can choose not to setup rack_csrf middleware on the roda app if you already have one configured:

plugin :csrf, skip_middleware: true

This adds the following instance methods:

csrf_field

The field name to use for the hidden/meta csrf tag.

csrf_header

The http header name to use for submitting csrf token via headers (useful for javascript).

csrf_metatag

An html meta tag string containing the token, suitable for placing in the page header

csrf_tag

An html hidden input tag string containing the token, suitable for placing in an html form.

csrf_token

The value of the csrf token, in case it needs to be accessed directly.