module Rodauth::Rails::Feature::Csrf
Public Class Methods
included(feature)
click to toggle source
# File lib/rodauth/rails/feature/csrf.rb, line 5 def self.included(feature) feature.auth_methods( :rails_csrf_tag, :rails_csrf_param, :rails_csrf_token, :rails_check_csrf!, ) end
Public Instance Methods
check_csrf()
click to toggle source
Verify Rails' authenticity token.
# File lib/rodauth/rails/feature/csrf.rb, line 20 def check_csrf rails_check_csrf! end
check_csrf?()
click to toggle source
Have Rodauth
call check_csrf
automatically.
# File lib/rodauth/rails/feature/csrf.rb, line 25 def check_csrf? true end
Private Instance Methods
rails_check_csrf!()
click to toggle source
Calls the controller to verify the authenticity token.
# File lib/rodauth/rails/feature/csrf.rb, line 44 def rails_check_csrf! rails_controller_instance.send(:verify_authenticity_token) end
rails_controller_callbacks() { || ... }
click to toggle source
Calls superclass method
# File lib/rodauth/rails/feature/csrf.rb, line 31 def rails_controller_callbacks return super if rails_api_controller? # don't verify CSRF token as part of callbacks, Rodauth will do that rails_controller_instance.allow_forgery_protection = false super do # turn the setting back to default so that form tags generate CSRF tags rails_controller_instance.allow_forgery_protection = rails_controller.allow_forgery_protection yield end end
rails_csrf_param()
click to toggle source
The request parameter under which to send the Rails
CSRF token.
# File lib/rodauth/rails/feature/csrf.rb, line 54 def rails_csrf_param rails_controller.request_forgery_protection_token end
rails_csrf_tag()
click to toggle source