Sha256: 6dc833cec8b931ea2210bf44b332fe88f86b4fbd06d8c97eb46410b20d0f32cd
Contents?: true
Size: 1.18 KB
Versions: 9
Compression:
Stored size: 1.18 KB
Contents
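class Jets::Controller
  # CSRF (cross-site request forgery) protection for controllers.
  #
  # Including this concern adds class-level switches that register or remove
  # the :verify_authenticity_token before_action, plus the instance method
  # that performs the check.
  module ForgeryProtection
    extend ActiveSupport::Concern

    included do
      # Turn protection on for the including controller when the application
      # config asks for it by default.
      config = Jets.config
      default_protect_from_forgery = config.dig(:controllers, :default_protect_from_forgery)
      protect_from_forgery if default_protect_from_forgery
    end

    class_methods do
      # Registers the authenticity-token check as a before_action.
      #
      # @param options [Hash] passed through unchanged to before_action
      def protect_from_forgery(options = {})
        before_action :verify_authenticity_token, options
      end

      # Removes the authenticity-token check for this controller.
      # NOTE(review): this drops the check for every action of the
      # controller; keep its use limited to endpoints that authenticate
      # requests some other way.
      def skip_forgery_protection
        skip_before_action :verify_authenticity_token
      end

      # @return [Boolean] true when :verify_authenticity_token is among the
      #   registered before_actions
      def forgery_protection_enabled?
        # Example:
        #
        #    before_actions [[:verify_authenticity_token, {}], [:set_post, {:only=>[:show, :edit, :update, :delete]}]]
        #
        before_actions.map { |a| a[0] }.include?(:verify_authenticity_token)
      end
    end

    # Instance methods

    # Checks the token submitted with the request against the one stored in
    # the session. The submitted token is read from params[:authenticity_token]
    # or from the "x-csrf-token" request header.
    #
    # @return [true, nil] true when the check is skipped, nil when it passes
    # @raise [Error::InvalidAuthenticityToken] when no submitted token matches
    def verify_authenticity_token
      # NOTE(review): the check is skipped whenever the TEST environment
      # variable is set to any value. Make sure it is never set in a deployed
      # environment, otherwise forgery protection is silently disabled.
      return true if ENV['TEST'] || request.get? || request.head?

      token = session[:authenticity_token]
      submitted = [params[:authenticity_token], request.headers["x-csrf-token"]]

      # Only non-empty Strings are compared: a nil or empty session token must
      # never verify, and params may carry a Hash or Array instead of a String.
      # secure_compare is constant-time, so response timing does not reveal
      # how many leading characters of a guess were correct.
      verified = token.is_a?(String) && !token.empty? && submitted.any? { |candidate|
        candidate.is_a?(String) && ActiveSupport::SecurityUtils.secure_compare(token, candidate)
      }

      raise Error::InvalidAuthenticityToken unless verified
    end
  end
end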
Version data entries
9 entries across 9 versions & 1 rubygems