Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for per form csrf tokens #1653

Merged
merged 2 commits into from
Feb 14, 2021
Merged

Add support for per form csrf tokens #1653

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f8f04e5
Add support for per form csrf tokens
jkowens Oct 9, 2020
88235a9
Remove breaking change
jkowens Jan 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Remove breaking change
  • Loading branch information
@jkowens
jkowens committed Jan 7, 2021
commit 88235a9f5805fd3a0e62c97c71ea0cf893da88c6
7 changes: 3 additions & 4 deletions rack-protection/lib/rack/protection/authenticity_token.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ class AuthenticityToken < Base
:allow_if => nil

def self.token(session, path: nil, method: :post)
self.new(nil).mask_authenticity_token(session, path, method)
self.new(nil).mask_authenticity_token(session, path: path, method: method)
end

def self.random_token
Expand All @@ -114,7 +114,7 @@ def accepts?(env)
( options[:allow_if] && options[:allow_if].call(env) )
end

def mask_authenticity_token(session, path, method)
def mask_authenticity_token(session, path: nil, method: :post)
set_token(session)

token = if path && method
Expand All @@ -132,8 +132,7 @@ def mask_authenticity_token(session, path, method)
private

def set_token(session)
token = session[options[:key]] ||= self.class.random_token
decode_token(token)
session[options[:key]] ||= self.class.random_token
end

# Checks the client's masked token to see if it matches the
Expand Down