File: remote_token.rb

package info (click to toggle)
ruby-sinatra 4.2.1-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,944 kB
  • sloc: ruby: 17,702; sh: 25; makefile: 8
file content (24 lines) | stat: -rw-r--r-- 625 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
# frozen_string_literal: true

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Only accepts unsafe HTTP requests if a given access token matches the token
    # included in the session *or* the request comes from the same origin.
    #
    # Compatible with rack-csrf.
    class RemoteToken < AuthenticityToken
      default_reaction :deny

      def accepts?(env)
        super or referrer(env) == Request.new(env).host
      end
    end
  end
end