
# frozen_string_literal: true

module Quilt
  # CSRF strategy that treats a request as "same site" when it carries the
  # custom `x-shopify-react-xhr: 1` request header, and raises otherwise.
  #
  # NOTE(review): this check only carries weight if the application's CORS
  # policy does not allow that header for arbitrary origins; a permissive
  # `Access-Control-Allow-Headers` would let a foreign origin satisfy it.
  class HeaderCsrfStrategy
    # Raised by #handle_unverified_request when the expected header is absent
    # or does not carry HEADER_VALUE.
    class NoSameSiteHeaderError < StandardError
      def initialize
        message = <<~MSG
          CSRF verification failed. This request is missing the
          `x-shopify-react-xhr` header, or it does not have the expected value.
        MSG
        super(message.squish)
      end
    end

    HEADER = "x-shopify-react-xhr"
    HEADER_VALUE = "1"

    # @param controller [#request] controller whose request headers are inspected
    def initialize(controller)
      @controller = controller
    end

    # Let the request through when the marker header is present with the
    # expected value; otherwise raise.
    #
    # @return [nil] when the header check passes
    # @raise [NoSameSiteHeaderError] when the header is missing or has another value
    def handle_unverified_request
      return if same_site?

      raise NoSameSiteHeaderError
    end

    private

    # Exact comparison of the request's HEADER against HEADER_VALUE.
    def same_site?
      received = @controller.request.headers[HEADER]
      HEADER_VALUE == received
    end

    # Rails' default forgery-protection handler, built for the same controller.
    # Not referenced elsewhere in this file; presumably kept for callers that
    # want the standard exception-raising behaviour — TODO confirm.
    def fallback_handler
      ActionController::RequestForgeryProtection::ProtectionMethods::Exception.new(@controller)
    end
  end
end
