Class: Otto::Security::CSRFMiddleware

Inherits:

Object

Object
Otto::Security::CSRFMiddleware

show all

Defined in:: lib/otto/security/csrf.rb

Constant Summary collapse

SAFE_METHODS =

%w[GET HEAD OPTIONS TRACE].freeze

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app, config = nil) ⇒ CSRFMiddleware constructor

A new instance of CSRFMiddleware.

Constructor Details

#initialize(app, config = nil) ⇒ `CSRFMiddleware`

Returns a new instance of CSRFMiddleware.

# File 'lib/otto/security/csrf.rb', line 10

def initialize(app, config = nil)
  @app = app
  @config = config || Otto::Security::Config.new
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/otto/security/csrf.rb', line 15

def call(env)
  return @app.call(env) unless @config.csrf_enabled?

  request = Rack::Request.new(env)

  # Skip CSRF protection for safe methods
  if safe_method?(request.request_method)
    response = @app.call(env)
    response = inject_csrf_token(request, response) if html_response?(response)
    return response
  end

  # Validate CSRF token for unsafe methods
  unless valid_csrf_token?(request)
    return csrf_error_response
  end

  @app.call(env)
end

Class: Otto::Security::CSRFMiddleware

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, config = nil) ⇒ CSRFMiddleware

Instance Method Details

#call(env) ⇒ Object

#initialize(app, config = nil) ⇒ `CSRFMiddleware`

#call(env) ⇒ `Object`