Sha256: 1910f72253d4614676e67b26094ba196b8a0962f754bff1f3d27c212bf7bf6b1

Contents?: true

Size: 717 Bytes

Versions: 69

Compression:

Stored size: 717 Bytes

Contents

require 'rack/protection'

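module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Only accepts unsafe HTTP requests if a given access token matches the token
    # included in the session.
    #
    # The token is read from the +X-CSRF-Token+ request header first and, if
    # that does not match, from the +authenticity_token+ request parameter.
    #
    # Compatible with Rails and rack-csrf.
    class AuthenticityToken < Base
      # Decides whether the request described by +env+ may pass.
      #
      # Requests for which the inherited +safe?+ check returns true are always
      # accepted. For every other request the session token is looked up (and
      # lazily created on first use) and compared with the token the client
      # submitted.
      #
      # env:: the Rack environment hash of the current request.
      #
      # Returns true when the request is accepted, false otherwise.
      def accepts?(env)
        return true if safe?(env)

        store = session(env)
        # Reuse an existing session[:csrf]; otherwise adopt the Rails-style
        # '_csrf_token' entry, and only mint a new random token when neither
        # is present. The chosen value is written back to session[:csrf].
        expected = store[:csrf] ||= store['_csrf_token'] || random_string

        # The header is checked first so that the request parameters are only
        # parsed when it does not match.
        # NOTE(review): Request#params presumably merges query-string and body
        # parameters, so a token passed in the URL would be accepted too;
        # tokens in URLs tend to end up in logs and Referer headers. Confirm
        # against the Rack version in use.
        tokens_equal?(env['HTTP_X_CSRF_TOKEN'], expected) ||
          tokens_equal?(Request.new(env).params['authenticity_token'], expected)
      end

      private

      # Compares a client-supplied token with the session token without
      # returning early at the first differing byte, so the time taken does
      # not reveal how much of a guessed token was correct. Only the length
      # check exits early.
      #
      # Anything that is not a String (a missing header, or a parameter parsed
      # into an Array or Hash) never matches.
      def tokens_equal?(given, expected)
        return false unless given.is_a?(String) && expected.is_a?(String)
        return false unless given.bytesize == expected.bytesize

        expected_bytes = expected.unpack('C*')
        difference = 0
        given.unpack('C*').each_with_index do |byte, index|
          difference |= byte ^ expected_bytes[index]
        end
        difference.zero?
      end
    end
  end
end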

Version data entries

69 entries across 67 versions & 5 rubygems

Version Path
classiccms-0.7.5 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
classiccms-0.7.4 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
classiccms-0.7.3 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
torquebox-console-0.3.0 vendor/bundle/jruby/1.9/gems/rack-protection-1.4.0/lib/rack/protection/authenticity_token.rb
classiccms-0.7.2 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
classiccms-0.7.1 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
classiccms-0.7.0 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
torquebox-console-0.2.5 vendor/bundle/jruby/1.9/gems/rack-protection-1.4.0/lib/rack/protection/authenticity_token.rb
torquebox-console-0.2.5 vendor/bundle/ruby/1.8/gems/rack-protection-1.4.0/lib/rack/protection/authenticity_token.rb
rack-protection-1.5.0 lib/rack/protection/authenticity_token.rb
torquebox-console-0.2.4 vendor/bundle/ruby/1.8/gems/rack-protection-1.4.0/lib/rack/protection/authenticity_token.rb
torquebox-console-0.2.4 vendor/bundle/jruby/1.9/gems/rack-protection-1.4.0/lib/rack/protection/authenticity_token.rb
torquebox-console-0.2.3 vendor/bundle/jruby/1.9/gems/rack-protection-1.4.0/lib/rack/protection/authenticity_token.rb
rack-protection-1.4.0 lib/rack/protection/authenticity_token.rb
classiccms-0.6.9 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
rack-protection-1.3.2 lib/rack/protection/authenticity_token.rb
rack-protection-1.3.1 lib/rack/protection/authenticity_token.rb
classiccms-0.6.8 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
classiccms-0.6.7 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb
classiccms-0.6.6 vendor/bundle/gems/rack-protection-1.2.0/lib/rack/protection/authenticity_token.rb