module Roda::RodaPlugins::RouteCsrf::InstanceMethods

def check_csrf!(opts=OPTS, &block)

if a block is not given, use the :csrf_failure option to determine how to handle it.
Otherwise, if a block is given, treat it as a routing block and yield to it, and
If the CSRF token is valid or the request does not require a CSRF token, return nil.
Check that the submitted CSRF token is valid, if the request requires a CSRF token.

def check_csrf!(opts=OPTS, &block)
  if msg = csrf_invalid_message(opts)
    if block
      @_request.on(&block)
    end
    
    case failure_action = opts.fetch(:csrf_failure, csrf_options[:csrf_failure])
    when :raise
      raise InvalidToken, msg
    when :empty_403
      @_response.status = 403
      headers = @_response.headers
      headers.clear
      headers[RodaResponseHeaders::CONTENT_TYPE] = 'text/html'
      headers[RodaResponseHeaders::CONTENT_LENGTH] ='0'
      throw :halt, @_response.finish_with_body([])
    when :clear_session
      session.clear
    when :csrf_failure_method
      @_request.on{_roda_route_csrf_failure(@_request)}
    when Proc
      RodaPlugins.warn "Passing a Proc as the :csrf_failure option value to check_csrf! is deprecated"
      @_request.on{instance_exec(@_request, &failure_action)} # Deprecated
    else
      raise RodaError, "Unsupported :csrf_failure option: #{failure_action.inspect}"
    end
  end
end

Modules

Classes

module Roda::RodaPlugins::RouteCsrf::InstanceMethods

def check_csrf!(opts=OPTS, &block)

Instance Methods