kotovalexarian-likes-github
/
sinatra
mirror of https://github.com/sinatra/sinatra
1
0
Fork 0
Code Releases Activity
sinatra/rack-protection/lib/rack/protection/remote_referrer.rb

21 lines
498 B
Ruby
Raw Blame History

require 'rack/protection'
module Rack
module Protection
##
# Prevented attack:: CSRF
# Supported browsers:: all
# More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery
#
# Does not accept unsafe HTTP requests if the Referer [sic] header is set to
# a different host.
class RemoteReferrer < Base
default_reaction :deny
def accepts?(env)
safe?(env) or referrer(env) == Request.new(env).host
end
end
end
end
View Git Blame Copy Permalink