rails--rails/actionview/lib/action_view/helpers/csrf_helper.rb

# frozen_string_literal: true

module ActionView
  # = Action View CSRF Helper
  module Helpers #:nodoc:
    module CsrfHelper
      # Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site
      # request forgery protection parameter and token, respectively.
      #
      #   <head>
      #     <%= csrf_meta_tags %>
      #   </head>
      #
      # These are used to generate the dynamic forms that implement non-remote links with
      # <tt>:method</tt>.
      #
      # You don't need to use these tags for regular forms as they generate their own hidden fields.
      #
      # For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the
      # "X-CSRF-Token" HTTP header. If you are using rails-ujs this happens automatically.
      #
      def csrf_meta_tags
        if protect_against_forgery?
          [
            tag("meta", name: "csrf-param", content: request_forgery_protection_token),
            tag("meta", name: "csrf-token", content: form_authenticity_token)
          ].join("\n").html_safe
        end
      end

      # For backwards compatibility.
      alias csrf_meta_tag csrf_meta_tags
    end
  end
end
Use frozen string literal in actionview/ 2017-07-23 11:36:41 -04:00			`# frozen_string_literal: true`

Expose CSRF tag for UJS adapters 2010-02-04 17:15:16 -05:00			`module ActionView`
Adds title and description where needed. 2010-06-16 14:17:49 -04:00			`# = Action View CSRF Helper`
Fix broken doc layout for action_view [ci skip] 2017-08-26 20:12:19 -04:00			`module Helpers #:nodoc:`
Expose CSRF tag for UJS adapters 2010-02-04 17:15:16 -05:00			`module CsrfHelper`
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibilty 2010-09-11 05:04:19 -04:00			`# Returns meta tags "csrf-param" and "csrf-token" with the name of the cross-site`
			`# request forgery protection parameter and token, respectively.`
			`#`
			`# <head>`
			`# <%= csrf_meta_tags %>`
			`# </head>`
			`#`
			`# These are used to generate the dynamic forms that implement non-remote links with`
			`# <tt>:method</tt>.`
			`#`
be more specific about csrf token and ajax - not whitelisted outside of jquery-rails [ci skip] 2013-07-26 11:47:18 -04:00			`# You don't need to use these tags for regular forms as they generate their own hidden fields.`
			`#`
normalizes indentation and whitespace across the project 2016-08-06 13:55:02 -04:00			`# For AJAX requests other than GETs, extract the "csrf-token" from the meta-tag and send as the`
[ci skip]Replace jquery-ujs with rails-ujs 2017-07-19 00:36:42 -04:00			`# "X-CSRF-Token" HTTP header. If you are using rails-ujs this happens automatically.`
be more specific about csrf token and ajax - not whitelisted outside of jquery-rails [ci skip] 2013-07-26 11:47:18 -04:00			`#`
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibilty 2010-09-11 05:04:19 -04:00			`def csrf_meta_tags`
Make csrf_meta_tags use the tag helper Improved formatting of csrf_helper and improved test coverage 2011-04-07 20:18:33 -04:00			`if protect_against_forgery?`
			`[`
modernizes hash syntax in actionview 2016-08-06 13:36:34 -04:00			`tag("meta", name: "csrf-param", content: request_forgery_protection_token),`
			`tag("meta", name: "csrf-token", content: form_authenticity_token)`
Make csrf_meta_tags use the tag helper Improved formatting of csrf_helper and improved test coverage 2011-04-07 20:18:33 -04:00			`].join("\n").html_safe`
			`end`
Expose CSRF tag for UJS adapters 2010-02-04 17:15:16 -05:00			`end`
revises implementation and documentation of csrf_meta_tags, and aliases csrf_meta_tag to it for backwards compatibilty 2010-09-11 05:04:19 -04:00
			`# For backwards compatibility.`
			`alias csrf_meta_tag csrf_meta_tags`
Expose CSRF tag for UJS adapters 2010-02-04 17:15:16 -05:00			`end`
			`end`
			`end`