Contents

# frozen_string_literal: true

module ShopifyApp
  module CsrfProtection
    extend ActiveSupport::Concern
    included do
      protect_from_forgery with: :exception, unless: :valid_session_token?
    end

    private

    def valid_session_token?
      request.env["jwt.shopify_domain"]
    end
  end
end

Version data entries

30 entries across 30 versions & 1 rubygems

Version	Path
shopify_app-20.2.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-20.1.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-20.1.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-20.0.2	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-20.0.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-20.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-19.1.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-19.0.2	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-19.0.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-19.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb