Merge pull request #13 from hecticjeff/json-csrf-warning

Show warnings for JsonCsrf attacks
Konstantin Haase 2011-12-30 04:05:00 -08:00
commit 2eb0092cd2
1 changed files with 4 additions and 1 deletions


@ -16,7 +16,10 @@ module Rack
def call(env)
status, headers, body = app.call(env)
if headers['Content-Type'].to_s.split(';', 2).first =~ /^\s*application\/json\s*$/
result = react(env) if referrer(env) != Request.new(env).host
if referrer(env) != Request.new(env).host
result = react(env)
warn env, "attack prevented by #{self.class}"
end
end
result or [status, headers, body]
end
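Review bot: The added `warn env, "attack prevented by #{self.class}"` runs whenever the referrer check fails, whether or not `react(env)` produced a response. `react` is defined outside this hunk, so this is inferred: if it can return nil (for example a report-only reaction), the final `result or [status, headers, body]` still serves the JSON body while the log claims the attack was prevented. Guarding the message with `warn env, "attack prevented by #{self.class}" if result`, plus a separate "attack detected" message otherwise, would keep the log accurate for whoever triages it. The message also omits the request path and the offending referrer, which makes alerts hard to correlate; if the referrer is added, it is client-controlled and should be escaped (for example with `inspect`) before it is written to the log.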