Class: ActionController::RequestForgeryProtection::CookieStore
- Inherits:
-
Object
- Object
- ActionController::RequestForgeryProtection::CookieStore
- Defined in:
- lib/action_controller/metal/request_forgery_protection.rb
Instance Method Summary
- #fetch(request) ⇒ Object
-
#initialize(cookie = :csrf_token) ⇒ CookieStore
constructor
A new instance of CookieStore.
- #reset(request) ⇒ Object
- #store(request, csrf_token) ⇒ Object
Constructor Details
#initialize(cookie = :csrf_token) ⇒ CookieStore
Returns a new instance of CookieStore.
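# File 'lib/action_controller/metal/request_forgery_protection.rb', line 312

# Records the name of the cookie this store uses for the CSRF token.
# Every other method of the store reads or writes the cookie under this name.
#
# @param cookie [Symbol] name of the cookie; defaults to :csrf_token
def initialize(cookie = :csrf_token)
  @cookie_name = cookie
end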
Instance Method Details
#fetch(request) ⇒ Object
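# File 'lib/action_controller/metal/request_forgery_protection.rb', line 316

# Reads the CSRF token from the encrypted cookie, but only hands it back when
# the cookie was issued for the same session as the current request.
#
# The method fails closed: a missing cookie, a payload that is not valid JSON,
# or a session identifier that does not match all yield nil, so the caller
# sees "no stored token" rather than a token bound to another session.
#
# @param request [Object] the current request; must expose `cookie_jar` and `session`
# @return [String, nil] the stored token, or nil when none can be trusted
def fetch(request)
  # Read through the encrypted jar, so the payload has been decrypted before
  # it is parsed below.
  contents = request.cookie_jar.encrypted[@cookie_name]
  return nil if contents.nil?

  value = JSON.parse(contents)

  # Session binding: the public id recorded with the token must equal the
  # public id the session had (`id_was`).
  # NOTE(review): `&.` yields nil when there is no prior session id, and
  # nil == nil passes this check — confirm that is the intended behaviour for
  # requests without an established session.
  return nil unless value.dig("session_id", "public_id") == request.session.id_was&.public_id

  value["token"]
rescue JSON::ParserError
  # A corrupt payload is treated exactly like an absent cookie.
  nil
end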
#reset(request) ⇒ Object
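# File 'lib/action_controller/metal/request_forgery_protection.rb', line 339

# Discards the stored CSRF token by deleting the cookie from the request's
# cookie jar.
#
# @param request [Object] the current request; must expose `cookie_jar`
# @return [Object] whatever `cookie_jar.delete` returns
def reset(request)
  # Deletion goes through the plain jar; only the cookie name is needed here.
  request.cookie_jar.delete(@cookie_name)
end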
#store(request, csrf_token) ⇒ Object
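# File 'lib/action_controller/metal/request_forgery_protection.rb', line 328

# Writes the CSRF token to the encrypted, long-lived (`permanent`) cookie,
# together with the id of the session it was issued for.
#
# Cookie attributes set here:
# * httponly: true    - the cookie is not exposed to page JavaScript.
# * same_site: :lax   - the browser withholds it on cross-site subrequests.
# No `secure:` option is passed; whether the cookie is limited to HTTPS is
# decided outside this method — confirm for your deployment.
#
# @param request [Object] the current request; must expose `cookie_jar` and `session`
# @param csrf_token [String] the token to persist
# @return [Hash] the cookie options hash that was assigned
def store(request, csrf_token)
  # The session id is serialized next to the token so a later read can check
  # the token against the session it belongs to.
  request.cookie_jar.encrypted.permanent[@cookie_name] = {
    value: {
      token: csrf_token,
      session_id: request.session.id,
    }.to_json,
    httponly: true,
    same_site: :lax,
  }
end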