
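# CSRF (request forgery) guard mixed into a controller.
#
# `protect_from_forgery` compares the token stored in the session with the
# one submitted in the request and raises when a state-changing request
# from a browser context does not carry a matching token.
module ForgeryProtector
  # Media types a browser can emit from a plain HTML form (or a simple
  # navigation) without JavaScript. A non-GET request with one of these
  # types must prove it came from our own page via the token.
  BROWSER_GENERATED_TYPES = %w(
    text/html
    text/plain
    application/x-www-form-urlencoded
    multipart/form-data
  ).to_set

  # Response formats that are treated as browser-originated and therefore
  # subject to the token check.
  BROWSER_GENERATED_FORMATS = %w(html js).freeze

  protected
    # Verifies the authenticity token of the current request.
    #
    # Reads the request and params from `workspace` (the surrounding
    # controller's request context — exact type not visible here). Does
    # nothing when the request has no session. Otherwise the request is
    # allowed when any of the following holds:
    #   * it is a GET;
    #   * its media type is present and not a browser-generated type;
    #   * its format is present and not a browser-generated format;
    #   * the session token is present and equals `params.authenticity_token`.
    #
    # On success `@authenticity_token` is set to the session token so the
    # view layer can embed it in forms.
    #
    # @raise [RuntimeError] "invalid authenticity token!" when none of the
    #   exemptions apply and the submitted token does not match.
    def protect_from_forgery
      request = workspace.request
      return unless request.session

      sat = request.session['authenticity_token']
      format = workspace.params.format

      # Media-type parameters (e.g. "; charset=UTF-8", which browsers do
      # send on form posts) are stripped before the lookup; comparing the
      # raw header value against the set would otherwise classify an
      # ordinary form post as "non-browser" and skip the token check.
      media_type = request.content_type.to_s.split(';').first.to_s.strip.downcase
      non_browser_type = media_type.present? && !BROWSER_GENERATED_TYPES.include?(media_type)

      # NOTE(review): the format comes from request params, so this exemption
      # is controlled by the requester rather than by the browser; it is kept
      # here for backward compatibility but is a weak basis for skipping the
      # token check — confirm whether it is still needed.
      format_str = format.to_s
      non_browser_format = format_str.present? && !BROWSER_GENERATED_FORMATS.include?(format_str)

      token_matches = sat.present? && constant_time_equal?(sat, params.authenticity_token)

      allow = request.get? || non_browser_type || non_browser_format || token_matches

      raise "invalid authenticity token!" unless allow

      @authenticity_token = sat
    end

  private
    # Compares two token strings without short-circuiting on the first
    # differing byte, so the comparison time does not reveal how much of
    # the submitted token was correct. Only the length check returns early.
    #
    # @param expected [#to_s] the token held in the session
    # @param given [#to_s] the token submitted with the request
    # @return [Boolean] true when both have the same bytes
    def constant_time_equal?(expected, given)
      expected = expected.to_s
      given = given.to_s
      return false unless expected.bytesize == given.bytesize

      diff = 0
      expected.bytes.zip(given.bytes) { |x, y| diff |= x ^ y }
      diff.zero?
    end
end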

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
rad_ext-0.0.6 lib/rad/controller/forgery_protector.rb
rad_ext-0.0.5 lib/rad/controller/forgery_protector.rb
rad_ext-0.0.4 lib/rad/controller/forgery_protector.rb
rad_ext-0.0.3 lib/rad/controller/forgery_protector.rb
rad_ext-0.0.2 lib/rad/controller/forgery_protector.rb
rad_ext-0.0.1 lib/rad/controller/forgery_protector.rb