Sha256: a08fff830a1751473db82c5f819e45af9ce968b24cbc365c312593fb394dd57f

Contents?: true

Size: 911 Bytes

Versions: 50

Compression:

Stored size: 911 Bytes

Contents

require 'rack/protection'

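module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Only accepts unsafe HTTP requests if a given access token matches the token
    # included in the session.
    #
    # Compatible with Rails and rack-csrf.
    #
    # Options:
    #
    # authenticity_param: Defines the param's name that should contain the token on a request.
    #
    # The expected token lives in session[:csrf]. When that slot is empty it is
    # seeded from session['_csrf_token'] or, failing that, from a freshly
    # generated random string.
    #
    # The submitted token is compared with Rack::Utils.secure_compare rather
    # than String#==, so the time taken does not depend on how many leading
    # bytes of a guess are correct.
    class AuthenticityToken < Base
      default_options :authenticity_param => 'authenticity_token'

      # Decides whether the request described by +env+ may pass.
      #
      # A request is accepted when safe?(env) is true (defined outside this
      # file; presumably true for non-mutating HTTP methods), or when the
      # X-CSRF-Token header or the configured request parameter carries the
      # session's token.
      #
      # Side effect: stores the token in session[:csrf] if it was not set.
      def accepts?(env)
        session = session env
        token   = session[:csrf] ||= session['_csrf_token'] || random_string
        # The parameter check stays last: params are only parsed when the
        # cheaper checks have already failed.
        safe?(env) ||
          token_matches?(env['HTTP_X_CSRF_TOKEN'], token) ||
          token_matches?(Request.new(env).params[options[:authenticity_param]], token)
      end

      private

      # Constant-time comparison of a client-supplied value with the session
      # token.
      #
      # +candidate+ is untrusted: it is nil when the header or parameter is
      # absent and may be a Hash or Array when the client uses nested
      # parameter syntax. Anything that is not a String is rejected, which is
      # also what the plain == comparison against a String token yielded.
      def token_matches?(candidate, token)
        return false unless candidate.is_a?(String) && token.is_a?(String)
        Rack::Utils.secure_compare(candidate, token)
      end
    end
  end
end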

Version data entries

50 entries across 49 versions & 17 rubygems

Version Path
logstash-filter-csharp-0.2.1 vendor/bundle/jruby/2.3.0/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-csharp-0.2.0 vendor/bundle/jruby/2.3.0/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
rack-protection-1.5.4 lib/rack/protection/authenticity_token.rb
logstash-output-icinga-1.1.0 vendor/jruby/2.3.0/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-output-icinga-1.1.0 vendor/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-cache-redis-0.3.1 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-cache-redis-0.3.0 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-cache-redis-0.2.0 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-cache-redis-0.1.0 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-csharp-0.1.0 vendor/bundle/jruby/2.3.0/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-filter-htmlentities-0.1.0 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-output-icinga-1.0.0 vendor/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
enju_leaf-1.2.1 vendor/bundle/ruby/2.3/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
mdg-1.0.1 vendor/bundle/ruby/2.3.0/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-input-fifo-0.9.1 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-input-fifo-0.9.0 vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
logstash-input-salesforce-3.0.0 vendor/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
arcabouco-0.2.13 vendor/bundle/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
ivanvc-logstash-input-s3-3.1.1.4 vendor/local/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb
ivanvc-logstash-input-s3-3.1.1.3 vendor/local/gems/rack-protection-1.5.3/lib/rack/protection/authenticity_token.rb