Class: Otto::Security::Config
- Inherits:
-
Object
- Object
- Otto::Security::Config
- Includes:
- Core::Freezable
- Defined in:
- lib/otto/security/config.rb
Overview
Security configuration for Otto applications
This class manages all security-related settings including CSRF protection, input validation, trusted proxies, and security headers. Security features are disabled by default for backward compatibility.
Constant Summary collapse
- PROXY_MODE_CONFLICT_MESSAGE =
Error raised when the two mutually-exclusive trusted-proxy resolution modes are configured together: CIDR-walk (enumerated #trusted_proxies) and count-based depth (#trusted_proxy_depth >= 1).
<<~MSG.gsub(/\s+/, ' ').strip.freeze Cannot configure both trusted_proxies (CIDR filter mode) and trusted_proxy_depth >= 1 (count mode). Enumerate proxy CIDRs OR set a hop count, not both. MSG
- TRUSTED_PROXY_HEADERS =
Forwarded-header sources depth mode (#trusted_proxy_depth) can count hops from: X-Forwarded-For (default), the RFC 7239 Forwarded header, or Both (Forwarded when present, else X-Forwarded-For). Mirrors OneTimeSecret’s site.network.trusted_proxy.header. Only consulted in depth mode; CIDR-walk is unaffected.
%w[X-Forwarded-For Forwarded Both].freeze
- CSP_REPORTING_GROUP =
Endpoint group name shared by the CSP
report-todirective and theReporting-Endpointsresponse header (modern Reporting API). Browsers match the directive’s group to the header’s key, so both must agree. Aliases Otto::Security::CSP::Policy::REPORTING_GROUP — the one source the policy builder uses — so the header and the directive cannot drift. Otto::Security::CSP::Policy::REPORTING_GROUP
- CSRF_SECRET_REQUIRED_MESSAGE =
Error raised when CSRF protection is enabled in production without an explicitly configured secret. A randomly-generated per-process secret silently breaks token verification across workers and restarts, so we refuse it in production rather than serve intermittently-failing tokens.
<<~MSG.gsub(/\s+/, ' ').strip.freeze CSRF protection is enabled in production without a configured secret. Set OTTO_CSRF_SECRET (or config.csrf_secret=) to a stable random value (e.g. SecureRandom.hex(32)); a per-process random secret is not valid across workers or restarts. MSG
Instance Attribute Summary collapse
-
#csp_nonce_enabled ⇒ Object
readonly
Returns the value of attribute csp_nonce_enabled.
-
#csp_nonce_key ⇒ Object
Returns the value of attribute csp_nonce_key.
-
#csp_report_to_url ⇒ Object
Returns the value of attribute csp_report_to_url.
-
#csp_report_uri ⇒ Object
Returns the value of attribute csp_report_uri.
-
#csp_violation_callback ⇒ Object
readonly
Returns the value of attribute csp_violation_callback.
-
#csrf_header_key ⇒ Object
readonly
Returns the value of attribute csrf_header_key.
-
#csrf_protection ⇒ Object
readonly
Returns the value of attribute csrf_protection.
-
#csrf_session_key ⇒ Object
Returns the value of attribute csrf_session_key.
-
#csrf_token_key ⇒ Object
Returns the value of attribute csrf_token_key.
-
#debug_csp ⇒ Object
readonly
Returns the value of attribute debug_csp.
-
#input_validation ⇒ Object
Returns the value of attribute input_validation.
-
#ip_privacy_config ⇒ Object
readonly
Returns the value of attribute ip_privacy_config.
-
#max_param_depth ⇒ Object
Returns the value of attribute max_param_depth.
-
#max_param_keys ⇒ Object
Returns the value of attribute max_param_keys.
-
#max_request_size ⇒ Object
Returns the value of attribute max_request_size.
-
#mcp_auth ⇒ Object
readonly
Returns the value of attribute mcp_auth.
-
#rate_limiting_config ⇒ Object
Returns the value of attribute rate_limiting_config.
-
#require_secure_cookies ⇒ Object
readonly
Returns the value of attribute require_secure_cookies.
-
#security_headers ⇒ Object
readonly
Returns the value of attribute security_headers.
-
#trusted_proxies ⇒ Object
readonly
Returns the value of attribute trusted_proxies.
-
#trusted_proxy_depth ⇒ Object
Returns the value of attribute trusted_proxy_depth.
-
#trusted_proxy_header ⇒ Object
Returns the value of attribute trusted_proxy_header.
Instance Method Summary collapse
-
#add_trusted_proxy(proxy) ⇒ void
Add a trusted proxy server for accurate client IP detection.
-
#csp_nonce_enabled? ⇒ Boolean
Check if CSP nonce support is enabled.
-
#csrf_enabled? ⇒ Boolean
Check if CSRF protection is currently enabled.
-
#csrf_secret=(secret) ⇒ Object
Set the server-side secret used to sign (HMAC) CSRF tokens.
-
#debug_csp? ⇒ Boolean
Check if CSP debug logging is enabled.
-
#deep_freeze! ⇒ self
Override deep_freeze! to ensure rate_limiting_config has custom_rules initialized.
-
#disable_csp_nonce! ⇒ void
Disable CSP nonce support.
-
#disable_csrf_protection! ⇒ void
Disable CSRF protection.
-
#dispatch_csp_violation(report) ⇒ void
Invoke the registered violation callback for a report, isolating any error it raises.
-
#enable_csp!(policy = "default-src 'self'") ⇒ void
Enable Content Security Policy (CSP) header.
-
#enable_csp_with_nonce!(debug: false) ⇒ void
Enable Content Security Policy (CSP) with nonce support.
-
#enable_csrf_protection! ⇒ void
Enable CSRF (Cross-Site Request Forgery) protection.
-
#enable_frame_protection!(option = 'SAMEORIGIN') ⇒ void
Enable X-Frame-Options header to prevent clickjacking.
-
#enable_hsts!(max_age: 31_536_000, include_subdomains: true) ⇒ void
Enable HTTP Strict Transport Security (HSTS) header.
-
#generate_csrf_token(session_id = nil) ⇒ Object
Generate a CSRF token bound to the given session id and signed (HMAC-SHA256) with the server-side secret, so tokens cannot be self-minted and are not valid across sessions.
-
#generate_nonce_csp(nonce, development_mode: false) ⇒ String
Generate a CSP policy string with the provided nonce.
-
#get_or_create_session_id(request) ⇒ Object
-
#initialize ⇒ Config
constructor
Initialize security configuration with safe defaults.
-
#on_csp_violation {|report| ... } ⇒ void
Register the callback invoked once per parsed CSP violation report.
-
#set_custom_headers(headers) ⇒ void
Set custom security headers.
-
#trusted_proxy?(ip) ⇒ Boolean
Check if an IP address is from a trusted proxy.
-
#trusted_proxy_depth_mode? ⇒ Boolean
Whether count-based (“trust the last N hops”) proxy resolution is active.
-
#validate_request_size(content_length) ⇒ Boolean
Validate that a request size is within acceptable limits.
-
#verify_csrf_token(token, session_id = nil) ⇒ Object
Verify a CSRF token against its session binding using a constant-time comparison.
Constructor Details
#initialize ⇒ Config
Initialize security configuration with safe defaults
All security features are disabled by default to maintain backward compatibility with existing Otto applications.
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/otto/security/config.rb', line 81 def initialize @csrf_protection = false @csrf_token_key = '_csrf_token' @csrf_header_key = 'HTTP_X_CSRF_TOKEN' @csrf_session_key = '_csrf_session_id' @max_request_size = 10 * 1024 * 1024 # 10MB @max_param_depth = 32 @max_param_keys = 64 @trusted_proxies = [] @trusted_proxy_matchers = [] @trusted_proxy_depth = nil @trusted_proxy_header = 'X-Forwarded-For' @require_secure_cookies = false @security_headers = default_security_headers @input_validation = true @csp_nonce_enabled = false @debug_csp = false @csp_nonce_key = 'otto.nonce' @csp_policy = nil @csp_report_uri = nil @csp_report_to_url = nil @csp_violation_callback = nil @rate_limiting_config = { custom_rules: {} } @ip_privacy_config = Otto::Privacy::Config.new configured_secret = ENV.fetch('OTTO_CSRF_SECRET', nil) @csrf_secret_generated = configured_secret.nil? || configured_secret.empty? @csrf_secret = @csrf_secret_generated ? SecureRandom.hex(32) : configured_secret end |
Instance Attribute Details
#csp_nonce_enabled ⇒ Object (readonly)
Returns the value of attribute csp_nonce_enabled.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csp_nonce_enabled @csp_nonce_enabled end |
#csp_nonce_key ⇒ Object
Returns the value of attribute csp_nonce_key.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csp_nonce_key @csp_nonce_key end |
#csp_report_to_url ⇒ Object
Returns the value of attribute csp_report_to_url.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csp_report_to_url @csp_report_to_url end |
#csp_report_uri ⇒ Object
Returns the value of attribute csp_report_uri.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csp_report_uri @csp_report_uri end |
#csp_violation_callback ⇒ Object (readonly)
Returns the value of attribute csp_violation_callback.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csp_violation_callback @csp_violation_callback end |
#csrf_header_key ⇒ Object (readonly)
Returns the value of attribute csrf_header_key.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csrf_header_key @csrf_header_key end |
#csrf_protection ⇒ Object (readonly)
Returns the value of attribute csrf_protection.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def csrf_protection @csrf_protection end |
#csrf_session_key ⇒ Object
Returns the value of attribute csrf_session_key.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def csrf_session_key @csrf_session_key end |
#csrf_token_key ⇒ Object
Returns the value of attribute csrf_token_key.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def csrf_token_key @csrf_token_key end |
#debug_csp ⇒ Object (readonly)
Returns the value of attribute debug_csp.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def debug_csp @debug_csp end |
#input_validation ⇒ Object
Returns the value of attribute input_validation.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def input_validation @input_validation end |
#ip_privacy_config ⇒ Object (readonly)
Returns the value of attribute ip_privacy_config.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def ip_privacy_config @ip_privacy_config end |
#max_param_depth ⇒ Object
Returns the value of attribute max_param_depth.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def max_param_depth @max_param_depth end |
#max_param_keys ⇒ Object
Returns the value of attribute max_param_keys.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def max_param_keys @max_param_keys end |
#max_request_size ⇒ Object
Returns the value of attribute max_request_size.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def max_request_size @max_request_size end |
#mcp_auth ⇒ Object (readonly)
Returns the value of attribute mcp_auth.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def mcp_auth @mcp_auth end |
#rate_limiting_config ⇒ Object
Returns the value of attribute rate_limiting_config.
66 67 68 |
# File 'lib/otto/security/config.rb', line 66 def rate_limiting_config @rate_limiting_config end |
#require_secure_cookies ⇒ Object (readonly)
Returns the value of attribute require_secure_cookies.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def @require_secure_cookies end |
#security_headers ⇒ Object (readonly)
Returns the value of attribute security_headers.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def security_headers @security_headers end |
#trusted_proxies ⇒ Object (readonly)
Returns the value of attribute trusted_proxies.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def trusted_proxies @trusted_proxies end |
#trusted_proxy_depth ⇒ Object
Returns the value of attribute trusted_proxy_depth.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def trusted_proxy_depth @trusted_proxy_depth end |
#trusted_proxy_header ⇒ Object
Returns the value of attribute trusted_proxy_header.
70 71 72 |
# File 'lib/otto/security/config.rb', line 70 def trusted_proxy_header @trusted_proxy_header end |
Instance Method Details
#add_trusted_proxy(proxy) ⇒ void
This method returns an undefined value.
Add a trusted proxy server for accurate client IP detection
Only requests from trusted proxies will have their X-Forwarded-For and similar headers honored for IP detection. This prevents IP spoofing from untrusted sources.
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 |
# File 'lib/otto/security/config.rb', line 163 def add_trusted_proxy(proxy) ensure_not_frozen! # CIDR-walk and count-based depth are mutually exclusive. Catch the # conflict eagerly here (and in #trusted_proxy_depth=) so it surfaces at # configuration time, not only at freeze (which the test harness skips). raise ArgumentError, PROXY_MODE_CONFLICT_MESSAGE if trusted_proxy_depth_mode? case proxy when String, Regexp @trusted_proxies << proxy @trusted_proxy_matchers << register_proxy_matcher(proxy) when Array proxy.each { |entry| @trusted_proxy_matchers << register_proxy_matcher(entry) } @trusted_proxies.concat(proxy) else raise ArgumentError, 'Proxy must be a String, Regexp, or Array' end end |
#csp_nonce_enabled? ⇒ Boolean
Check if CSP nonce support is enabled
396 397 398 |
# File 'lib/otto/security/config.rb', line 396 def csp_nonce_enabled? @csp_nonce_enabled end |
#csrf_enabled? ⇒ Boolean
Check if CSRF protection is currently enabled
140 141 142 |
# File 'lib/otto/security/config.rb', line 140 def csrf_enabled? @csrf_protection end |
#csrf_secret=(secret) ⇒ Object
Set the server-side secret used to sign (HMAC) CSRF tokens. Set this to a stable value (e.g. ENV[‘OTTO_CSRF_SECRET’]) in multi-process or multi-host deployments so tokens stay valid across workers and restarts.
Write-only by design: the signing key has no public reader, so it is not exposed to inspection/logging/serialization via the config object.
293 294 295 296 297 298 |
# File 'lib/otto/security/config.rb', line 293 def csrf_secret=(secret) ensure_not_frozen! @csrf_secret = secret @csrf_secret_generated = false end |
#debug_csp? ⇒ Boolean
Check if CSP debug logging is enabled
419 420 421 |
# File 'lib/otto/security/config.rb', line 419 def debug_csp? @debug_csp end |
#deep_freeze! ⇒ self
Override deep_freeze! to ensure rate_limiting_config has custom_rules initialized
This pre-initializes any lazy values before freezing to prevent FrozenError when accessing configuration after it’s frozen.
579 580 581 582 583 584 585 |
# File 'lib/otto/security/config.rb', line 579 def deep_freeze! # Ensure custom_rules is initialized (should already be done in constructor) @rate_limiting_config[:custom_rules] ||= {} validate_trusted_proxy_config! validate_csrf_secret_config! super end |
#disable_csp_nonce! ⇒ void
This method returns an undefined value.
Disable CSP nonce support
387 388 389 390 391 |
# File 'lib/otto/security/config.rb', line 387 def disable_csp_nonce! ensure_not_frozen! @csp_nonce_enabled = false end |
#disable_csrf_protection! ⇒ void
This method returns an undefined value.
Disable CSRF protection
131 132 133 134 135 |
# File 'lib/otto/security/config.rb', line 131 def disable_csrf_protection! ensure_not_frozen! @csrf_protection = false end |
#dispatch_csp_violation(report) ⇒ void
This method returns an undefined value.
Invoke the registered violation callback for a report, isolating any error it raises. A misbehaving application callback must never break the report receiver (which always answers 204).
518 519 520 521 522 523 524 525 |
# File 'lib/otto/security/config.rb', line 518 def dispatch_csp_violation(report) callback = @csp_violation_callback return if callback.nil? callback.call(report) rescue StandardError => e Otto.logger.error("[Otto::CSP] violation callback raised #{e.class}: #{e.}") end |
#enable_csp!(policy = "default-src 'self'") ⇒ void
This method returns an undefined value.
Enable Content Security Policy (CSP) header
CSP helps prevent XSS attacks by controlling which resources can be loaded. The default policy only allows resources from the same origin.
357 358 359 360 361 362 |
# File 'lib/otto/security/config.rb', line 357 def enable_csp!(policy = "default-src 'self'") ensure_not_frozen! @csp_policy = policy @security_headers['content-security-policy'] = build_static_csp(policy) end |
#enable_csp_with_nonce!(debug: false) ⇒ void
This method returns an undefined value.
Enable Content Security Policy (CSP) with nonce support
This enables dynamic CSP header generation with nonces for enhanced security. Unlike enable_csp!, this doesn’t set a static policy but enables the response helper to generate CSP headers with nonces on a per-request basis.
376 377 378 379 380 381 |
# File 'lib/otto/security/config.rb', line 376 def enable_csp_with_nonce!(debug: false) ensure_not_frozen! @csp_nonce_enabled = true @debug_csp = debug end |
#enable_csrf_protection! ⇒ void
This method returns an undefined value.
Enable CSRF (Cross-Site Request Forgery) protection
When enabled, Otto will: - Generate CSRF tokens for safe HTTP methods (GET, HEAD, OPTIONS, TRACE) - Validate CSRF tokens for unsafe methods (POST, PUT, DELETE, PATCH) - Automatically inject CSRF meta tags into HTML responses - Provide helper methods for forms and AJAX requests
121 122 123 124 125 |
# File 'lib/otto/security/config.rb', line 121 def enable_csrf_protection! ensure_not_frozen! @csrf_protection = true end |
#enable_frame_protection!(option = 'SAMEORIGIN') ⇒ void
This method returns an undefined value.
Enable X-Frame-Options header to prevent clickjacking
550 551 552 553 554 |
# File 'lib/otto/security/config.rb', line 550 def enable_frame_protection!(option = 'SAMEORIGIN') ensure_not_frozen! @security_headers['x-frame-options'] = option end |
#enable_hsts!(max_age: 31_536_000, include_subdomains: true) ⇒ void
This method returns an undefined value.
Enable HTTP Strict Transport Security (HSTS) header
HSTS forces browsers to use HTTPS for all future requests to this domain. WARNING: This can make your domain inaccessible if HTTPS is not properly configured. Only enable this when you’re certain HTTPS is working correctly.
338 339 340 341 342 343 344 |
# File 'lib/otto/security/config.rb', line 338 def enable_hsts!(max_age: 31_536_000, include_subdomains: true) ensure_not_frozen! hsts_value = "max-age=#{max_age}" hsts_value += '; includeSubDomains' if include_subdomains @security_headers['strict-transport-security'] = hsts_value end |
#generate_csrf_token(session_id = nil) ⇒ Object
Generate a CSRF token bound to the given session id and signed (HMAC-SHA256) with the server-side secret, so tokens cannot be self-minted and are not valid across sessions. A session binding is REQUIRED.
303 304 305 306 307 308 309 310 311 |
# File 'lib/otto/security/config.rb', line 303 def generate_csrf_token(session_id = nil) binding_id = session_id.to_s raise ArgumentError, 'CSRF token generation requires a session binding' if binding_id.empty? reject_generated_secret_in_production! warn_generated_csrf_secret token = SecureRandom.hex(32) "#{token}:#{sign_csrf_token(binding_id, token)}" end |
#generate_nonce_csp(nonce, development_mode: false) ⇒ String
Generate a CSP policy string with the provided nonce
Thin facade over Otto::Security::CSP::Policy.nonce_policy; the directive sets and report-uri/report-to assembly live there now. Output is byte-identical to Otto’s historical policy.
536 537 538 539 540 541 542 543 |
# File 'lib/otto/security/config.rb', line 536 def generate_nonce_csp(nonce, development_mode: false) Otto::Security::CSP::Policy.nonce_policy( nonce, development_mode: development_mode, report_uri: @csp_report_uri, report_to_url: @csp_report_to_url ) end |
#get_or_create_session_id(request) ⇒ Object
587 588 589 590 591 592 593 594 595 596 597 598 |
# File 'lib/otto/security/config.rb', line 587 def get_or_create_session_id(request) # Try existing sources first session_id = extract_existing_session_id(request) # Create and persist if none found if session_id.nil? || session_id.empty? session_id = SecureRandom.hex(16) store_session_id(request, session_id) end session_id end |
#on_csp_violation {|report| ... } ⇒ void
This method returns an undefined value.
Register the callback invoked once per parsed CSP violation report.
The block receives an Otto::Security::CSP::Report. Your application decides what to do — log, emit a metric, store, forward, or ignore. Otto adds no storage or database coupling.
Registering a second callback REPLACES the first (last registration
wins), matching the singular on_csp_violation semantics. Calling this
with NO block clears (unregisters) any previously-set callback.
SECURITY NOTE: report URL fields may carry sensitive path/query data in some applications. Redact them in your callback before logging if needed; Otto passes them through un-redacted (see Otto::Security::CSP::Report).
506 507 508 509 510 |
# File 'lib/otto/security/config.rb', line 506 def on_csp_violation(&block) ensure_not_frozen! @csp_violation_callback = block end |
#set_custom_headers(headers) ⇒ void
This method returns an undefined value.
Set custom security headers
567 568 569 570 571 |
# File 'lib/otto/security/config.rb', line 567 def set_custom_headers(headers) ensure_not_frozen! @security_headers.merge!(headers) end |
#trusted_proxy?(ip) ⇒ Boolean
Check if an IP address is from a trusted proxy
String entries that parse as an IP or CIDR range are matched with proper IPAddr containment (IPv4 and IPv6). Entries that are not valid IPs (e.g. a bare prefix like ‘172.16.’) fall back to the legacy exact/prefix string match for backward compatibility. Regexp entries are matched against the raw IP string.
Proxy entries are parsed once at registration (see #add_trusted_proxy) into @trusted_proxy_matchers, so this never re-parses per request.
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 |
# File 'lib/otto/security/config.rb', line 195 def trusted_proxy?(ip) return false if @trusted_proxy_matchers.empty? || ip.nil? || ip.empty? # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so a dual-stack # peer presented in mapped form still matches an IPv4 proxy entry. client = parse_ipaddr(ip)&.native @trusted_proxy_matchers.any? do |entry, range| if range # Pre-parsed IP/CIDR entry -> proper containment client && ip_in_range?(range, client) elsif entry.is_a?(Regexp) entry.match?(ip) elsif entry.is_a?(String) # Legacy non-IP entry (e.g. '172.16.') -> exact/prefix match ip == entry || ip.start_with?(entry) else false end end end |
#trusted_proxy_depth_mode? ⇒ Boolean
Whether count-based (“trust the last N hops”) proxy resolution is active.
When true, Otto::Utils.resolve_client_ip ignores trusted-proxy CIDRs and
instead trusts a fixed number of hops from the right of the forwarded
chain (Express trust proxy = N). This is the only sound model for
non-enumerable proxy tiers (Fly, cloud load balancers, dynamic reverse
proxies) whose addresses cannot be listed as CIDRs.
226 227 228 |
# File 'lib/otto/security/config.rb', line 226 def trusted_proxy_depth_mode? @trusted_proxy_depth.is_a?(Integer) && @trusted_proxy_depth >= 1 end |
#validate_request_size(content_length) ⇒ Boolean
Validate that a request size is within acceptable limits
276 277 278 279 280 281 282 283 284 285 |
# File 'lib/otto/security/config.rb', line 276 def validate_request_size(content_length) return true if content_length.nil? size = content_length.to_i if size > @max_request_size raise Otto::Security::RequestTooLargeError, "Request size #{size} exceeds maximum #{@max_request_size}" end true end |
#verify_csrf_token(token, session_id = nil) ⇒ Object
Verify a CSRF token against its session binding using a constant-time comparison. Returns false (never raises) for blank/malformed input.
315 316 317 318 319 320 321 322 323 324 325 326 |
# File 'lib/otto/security/config.rb', line 315 def verify_csrf_token(token, session_id = nil) return false if token.nil? || token.empty? binding_id = session_id.to_s return false if binding_id.empty? token_part, signature = token.split(':', 2) return false if token_part.nil? || signature.nil? expected_signature = sign_csrf_token(binding_id, token_part) secure_compare(signature, expected_signature) end |