mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Use AS secure_compare for CSRF token comparison

Guillermo Iguaran 2014-10-23 11:00:30 -03:00
parent 4b11dea391
commit 0073d274de


@ -1,5 +1,6 @@
require 'rack/session/abstract/id'
require 'action_controller/metal/exceptions'
require 'active_support/security_utils'
module ActionController #:nodoc:
class InvalidAuthenticityToken < ActionControllerError #:nodoc:
@ -305,8 +306,7 @@ module ActionController #:nodoc:
end
def compare_with_real_token(token, session)
# Borrow a constant-time comparison from Rack
Rack::Utils.secure_compare(token, real_csrf_token(session))
ActiveSupport::SecurityUtils.secure_compare(token, real_csrf_token(session))
end
def real_csrf_token(session)
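Review bot: The rewritten `compare_with_real_token` loses the only comment explaining why the CSRF token is not compared with a plain `==`, so a later cleanup could reintroduce a timing-dependent comparison without noticing. I would keep a one-line comment above the call, for example `# Constant-time comparison: response timing must not reveal how much of the token matched`. The callers are outside the hunk, so it cannot be confirmed from here that `token` is always a String when it reaches this method. If it can be nil, a guard such as `return false unless token.is_a?(String)` would make the failure an ordinary rejection rather than an exception.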