lib/hanami/action/csrf_protection.rb in hanami-0.7.3 vs lib/hanami/action/csrf_protection.rb in hanami-0.8.0
- old
+ new
@@ -126,11 +126,20 @@
# Don't override this method.
#
# @since 0.4.0
# @api private
def invalid_csrf_token?
- verify_csrf_token? &&
- ! ::Rack::Utils.secure_compare(session[CSRF_TOKEN], params[CSRF_TOKEN])
+ return false unless verify_csrf_token?
+
+ missing_csrf_token? ||
+ !::Rack::Utils.secure_compare(session[CSRF_TOKEN], params[CSRF_TOKEN])
+ end
+
+ # Verify the CSRF token was passed in params.
+ #
+ # @api private
+ def missing_csrf_token?
+ Hanami::Utils::Blank.blank?(params[CSRF_TOKEN])
end
# Generates a random CSRF Token
#
# @since 0.4.0
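Review bot: In `invalid_csrf_token?` the new blank check covers only `params[CSRF_TOKEN]`; `session[CSRF_TOKEN]` and a param that is not a String (nested or array-valued) still reach `::Rack::Utils.secure_compare` unchanged, which expects two strings and would likely raise instead of returning a clean rejection. Whether the session token is always set before this predicate runs is not visible in the hunk, so coercing both sides keeps the check failing closed without an exception: `!::Rack::Utils.secure_compare(session[CSRF_TOKEN].to_s, params[CSRF_TOKEN].to_s)`. The comment on `missing_csrf_token?` also reads inverted relative to what the predicate returns; `# Returns true when the CSRF token is absent or blank in params.` together with an `@since` tag like its neighbours would match the rest of the file.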