phoenixframework · chrismccord · Jul 2, 2021 · Jul 1, 2021 · Jul 2, 2021
diff --git a/lib/phoenix_html/form_data.ex b/lib/phoenix_html/form_data.ex
@@ -149,12 +149,11 @@ defimpl Phoenix.HTML.FormData, for: [Plug.Conn, Atom] do
 
   def input_value(_conn_or_atom, %{data: data, params: params}, field)
       when is_atom(field) or is_binary(field) do
-    case Map.fetch(params, field_to_string(field)) do
-      {:ok, value} ->
-        value
+    key = field_to_string(field)
 
-      :error ->
-        Map.get(data, field)
+    case params do
+      %{^key => value} -> value
+      %{} -> Map.get(data, field)
     end
   end
 

diff --git a/lib/phoenix_html/link.ex b/lib/phoenix_html/link.ex
@@ -231,18 +231,13 @@ defmodule Phoenix.HTML.Link do
         {[csrf: csrf], opts}
 
       {true, opts} ->
-        {[csrf: csrf_token(to)], opts}
+        {[csrf: Phoenix.HTML.Tag.csrf_token_value(to)], opts}
 
       {false, opts} ->
         {[], opts}
     end
   end
 
-  defp csrf_token(to) do
-    {mod, fun, args} = Application.fetch_env!(:phoenix_html, :csrf_token_reader)
-    apply(mod, fun, [to | args])
-  end
-
   defp pop_required_option!(opts, key, error_message) do
     {value, opts} = Keyword.pop(opts, key)
 

diff --git a/lib/phoenix_html/tag.ex b/lib/phoenix_html/tag.ex
@@ -282,15 +282,20 @@ defmodule Phoenix.HTML.Tag do
         {extra <> ~s'<input name="#{@csrf_param}" type="hidden" value="#{csrf_token}">', opts}
 
       {true, opts} ->
-        csrf_token = csrf_token(to)
+        csrf_token = csrf_token_value(to)
         {extra <> ~s'<input name="#{@csrf_param}" type="hidden" value="#{csrf_token}">', opts}
 
       {false, opts} ->
         {extra, opts}
     end
   end
 
-  defp csrf_token(to) do
+  @doc """
+  Returns the csrf_token value to be used by forms, meta tags, etc.
+
+  By default, CSRF tokens are generated through `Plug.CSRFProtection`.
+  """
+  def csrf_token_value(to) do
     {mod, fun, args} = Application.fetch_env!(:phoenix_html, :csrf_token_reader)
     apply(mod, fun, [to | args])
   end
@@ -310,7 +315,7 @@ defmodule Phoenix.HTML.Tag do
       :meta,
       charset: "UTF-8",
       name: "csrf-token",
-      content: csrf_token(%URI{host: nil}),
+      content: csrf_token_value(%URI{host: nil}),
       "csrf-param": @csrf_param,
       "method-param": @method_param
     )

diff --git a/test/phoenix_html/tag_test.exs b/test/phoenix_html/tag_test.exs
@@ -223,4 +223,20 @@ defmodule Phoenix.HTML.TagTest do
     assert safe_to_string(csrf_meta_tag()) ==
              ~s(<meta charset="UTF-8" content="#{csrf_token}" csrf-param="_csrf_token" method-param="_method" name="csrf-token">)
   end
+
+  describe "csrf_token_value" do
+    def custom_csrf(to, extra), do: "#{extra}:#{to}"
+
+    test "with default" do
+      assert csrf_token_value("/") == Plug.CSRFProtection.get_csrf_token()
+    end
+
+    @default_reader Application.fetch_env!(:phoenix_html, :csrf_token_reader)
+    test "with configured MFA" do
+      Application.put_env(:phoenix_html, :csrf_token_reader, {__MODULE__, :custom_csrf, ["extra"]})
+      assert csrf_token_value("/foo") == "extra:/foo"
+    after
+      Application.put_env(:phoenix_html, :csrf_token_reader, @default_reader)
+    end
+  end
 end