Contents

# frozen_string_literal: true
module ShopifyApp
  module CsrfProtection
    extend ActiveSupport::Concern
    included do
      protect_from_forgery with: :exception, unless: :valid_session_token?
    end

    private

    def valid_session_token?
      request.env['jwt.shopify_domain']
    end
  end
end

Version data entries

42 entries across 42 versions & 2 rubygems

Version	Path
shopify_app-17.0.5	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-17.0.4	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-17.0.3	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-17.0.2	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-17.0.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-17.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-16.1.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-16.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-15.0.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-15.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.4.4	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.4.3	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.4.2	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.4.1	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.4.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.3.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.2.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.1.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-14.0.0	lib/shopify_app/controller_concerns/csrf_protection.rb
shopify_app-13.5.0	lib/shopify_app/controller_concerns/csrf_protection.rb