Use Base64.urlsafe_* like Rake::Protection::AuthenticityToken

2022-11-09 13:52:34 -05:00 · 2022-04-02 19:47:26 +02:00 · 2022-04-02 19:47:26 +02:00 · 572f7035b3
commit 572f7035b3
parent 213977c460
1 changed files with 2 additions and 2 deletions
--- a/lib/sidekiq/web/csrf_protection.rb
+++ b/lib/sidekiq/web/csrf_protection.rb
@ -143,7 +143,7 @@ module Sidekiq
        one_time_pad = SecureRandom.random_bytes(token.length)
        encrypted_token = xor_byte_strings(one_time_pad, token)
        masked_token = one_time_pad + encrypted_token
-        Base64.strict_encode64(masked_token)
+        Base64.urlsafe_encode64(masked_token)
      end

      # Essentially the inverse of +mask_token+.
@ -169,7 +169,7 @@ module Sidekiq
      end

      def decode_token(token)
-        Base64.strict_decode64(token)
+        Base64.urlsafe_decode64(token)
      end

      def xor_byte_strings(s1, s2)