lib/roda/plugins/route_csrf.rb in roda-3.53.0 vs lib/roda/plugins/route_csrf.rb in roda-3.54.0
- old
+ new
@@ -189,10 +189,12 @@
case failure_action = opts.fetch(:csrf_failure, csrf_options[:csrf_failure])
when :raise
raise InvalidToken, msg
when :empty_403
- throw :halt, [403, {'Content-Type'=>'text/html', 'Content-Length'=>'0'}, []]
+ @_response.status = 403
+ @_response.headers.replace('Content-Type'=>'text/html', 'Content-Length'=>'0')
+ throw :halt, @_response.finish_with_body([])
when :clear_session
session.clear
when :csrf_failure_method
@_request.on{_roda_route_csrf_failure(@_request)}
when Proc