kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Expose request method to reset the CSRF token

Browse source 
We already have a commit CSRF method exposed via the request object
since it's used by the implementation when committing the session, so
having a similar reset CSRF method exposed makes sense, and hides some
of the internal complexity of calling that method via the controller
instance.

It will also facilitate reaching out to the reset CSRF logic from other
libraries like Devise, to more easily integrate with this change.
This commit is contained in:
Carlos Antonio da Silva 2022-04-22 11:57:41 -03:00
parent bc9fa030a6
commit b925880914
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
actionpack/lib/action_dispatch/http/request.rb
View file

@ -358,7 +358,7 @@ module ActionDispatch
def reset_session
session.destroy
controller_instance.reset_csrf_token(self) if controller_instance.respond_to?(:reset_csrf_token)
reset_csrf_token
end
def session=(session) # :nodoc:
@ -430,6 +430,10 @@ module ActionDispatch
"#<#{self.class.name} #{method} #{original_url.dump} for #{remote_ip}>"
end
def reset_csrf_token
controller_instance.reset_csrf_token(self) if controller_instance.respond_to?(:reset_csrf_token)
end
def commit_csrf_token
controller_instance.commit_csrf_token(self) if controller_instance.respond_to?(:commit_csrf_token)
end