kotovalexarian-likes-github/sinatra
1
0
Fork 0
mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
Code Releases Activity

Block invalid requests instead of raising error

Browse source
This commit is contained in:
Jordan Owens 2022-02-02 15:44:35 -05:00
parent b2c628b05f
commit 6a6c5f5507
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rack-protection/lib/rack/protection/authenticity_token.rb
View file

@ -112,6 +112,8 @@ module Rack
valid_token?(env, env['HTTP_X_CSRF_TOKEN']) || valid_token?(env, env['HTTP_X_CSRF_TOKEN']) ||
valid_token?(env, Request.new(env).params[options[:authenticity_param]]) || valid_token?(env, Request.new(env).params[options[:authenticity_param]]) ||
( options[:allow_if] && options[:allow_if].call(env) ) ( options[:allow_if] && options[:allow_if].call(env) )
rescue
false
end end
def mask_authenticity_token(session, path: nil, method: :post) def mask_authenticity_token(session, path: nil, method: :post)