Contents

# frozen_string_literal: true

module ShopifyApp
  module CsrfProtection
    extend ActiveSupport::Concern
    included do
      protect_from_forgery with: :exception, unless: :valid_session_token?
    end

    private

    def valid_session_token?
      request.env["jwt.shopify_domain"]
    end
  end
end

Version data entries

30 entries across 30 versions & 1 rubygems

Version	Path
shopify_app-22.2.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-22.2.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-22.1.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-22.0.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-22.00.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.10.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.9.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.8.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.8.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.7.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.6.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.5.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.4.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.4.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.3.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.3.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.2.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.1.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.1.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-21.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb