Class: CSRFMiddleware
- Inherits: Object (hierarchy: Object, CSRFMiddleware)
- Defined in: app/middleware/csrf_middleware.rb
Instance Method Summary
- #call(env) ⇒ Object
- #initialize(app) ⇒ CSRFMiddleware (constructor): A new instance of CSRFMiddleware.
Constructor Details
#initialize(app) ⇒ CSRFMiddleware
Returns a new instance of CSRFMiddleware.
    # File 'app/middleware/csrf_middleware.rb', line 4

    def initialize(app)
      @app = app
    end
Instance Method Details
#call(env) ⇒ Object
    # File 'app/middleware/csrf_middleware.rb', line 8

    def call(env)
      req = Rack::Request.new(env)
      env['eks_cent.session'] ||= env['rack.session'] || {}
      session = env['eks_cent.session']

      # Generate token if not exists
      session['csrf_token'] ||= SecureRandom.hex(32)
      env['eks_cent.csrf_token'] = session['csrf_token']

      if ['POST', 'PUT', 'DELETE', 'PATCH'].include?(req.request_method)
        token = req.params['csrf_token'] || req.env['HTTP_X_CSRF_TOKEN']

        if token != session['csrf_token']
          return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden: CSRF Token Invalid']]
        end
      end

      @app.call(env)
    end
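The token check in #call compares with `!=`, which is not guaranteed to run in constant time and accepts whatever type the params parser returns. The following is an added example, not code from this project: it reproduces the same pass/forbid decision on plain env hashes with a constant-time comparison and a type check. `CSRFCheck`, `valid_token?`, `decide` and `sample_env` are hypothetical names, and the token value is constructed.

```ruby
# Added example, not the contents of app/middleware/csrf_middleware.rb.
# CSRFCheck and its method names are hypothetical.
require 'securerandom'

module CSRFCheck
  UNSAFE_METHODS = %w[POST PUT DELETE PATCH].freeze

  # Compare two strings without stopping at the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Rack turns `csrf_token[]=x` into an Array, so reject anything that is
  # not a String before comparing.
  def self.valid_token?(expected, submitted)
    return false unless expected.is_a?(String) && submitted.is_a?(String)
    return false if expected.empty?

    secure_compare(expected, submitted)
  end

  # Same decision as CSRFMiddleware#call, taking the parsed params as an
  # argument so no Rack::Request is needed. Returns :pass or :forbidden.
  def self.decide(env, params = {})
    env['eks_cent.session'] ||= env['rack.session'] || {}
    session = env['eks_cent.session']
    session['csrf_token'] ||= SecureRandom.hex(32)
    env['eks_cent.csrf_token'] = session['csrf_token']
    return :pass unless UNSAFE_METHODS.include?(env['REQUEST_METHOD'])

    submitted = params['csrf_token'] || env['HTTP_X_CSRF_TOKEN']
    valid_token?(session['csrf_token'], submitted) ? :pass : :forbidden
  end
end

# Constructed sample: a session that already holds a token.
SAMPLE_TOKEN = 'ab' * 32
def sample_env(method, extra = {})
  { 'REQUEST_METHOD' => method,
    'rack.session' => { 'csrf_token' => SAMPLE_TOKEN } }.merge(extra)
end
```

When no `rack.session` is present, the fallback `{}` gets a fresh token on every request, so state-changing requests are always refused; mount a session middleware ahead of this one.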