From fa58e053f18e3c51f90e0563c3da8c29ab9f3fa6 Mon Sep 17 00:00:00 2001
From: Matteo Centenaro <bugant@gmail.com>
Date: Mon, 8 Apr 2013 11:23:05 +0200
Subject: [PATCH] FIX: check for nil response on JsonCsrf protection

Some reaction do not return a response, think for example drop_session. In that case a nil response
would be returned, see issue #50.
---
 rack-protection/lib/rack/protection/json_csrf.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rack-protection/lib/rack/protection/json_csrf.rb b/rack-protection/lib/rack/protection/json_csrf.rb
index 752c467d..b4a101dd 100644
--- a/rack-protection/lib/rack/protection/json_csrf.rb
+++ b/rack-protection/lib/rack/protection/json_csrf.rb
@@ -19,7 +19,7 @@ module Rack
 
         if has_vector? request, headers
           warn env, "attack prevented by #{self.class}"
-          react(env)
+          react(env) or [status, headers, body]
         else
           [status, headers, body]
         end