Contents

require 'digest/sha1'

module ActionController #:nodoc:

  module RequestForgeryProtection

    protected

      alias_method :original_form_authenticity_token, :form_authenticity_token
      # Sets the token value for the current session.
      def form_authenticity_token
        raise 'XSRF token secret must be defined' if XSRF_TOKEN_SECRET.nil? || XSRF_TOKEN_SECRET.empty?
        if request.session_options[:id]
          Digest::SHA1.hexdigest("#{XSRF_TOKEN_SECRET}#{request.session_options[:id]}#{request.subdomain}")
        else
          original_form_authenticity_token
        end
      end

  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version	Path
subdomainbox-0.3.5	lib/subdomainbox/secure_xsrf_token.rb
subdomainbox-0.3.4	lib/secure_xsrf_token.rb
subdomainbox-0.3.3	lib/secure_xsrf_token.rb
subdomainbox-0.2.0	lib/secure_xsrf_token.rb