2018-fumichan-thesis/practice/vendor/bundle/ruby/2.5.0/gems/rack-protection-2.0.4/lib/rack/protection/remote_token.rb at af7465a3586ca9c918bf288c3493b44a902a9e9d

Fork: 0

HiroseLabo. / 2018-fumichan-thesis

Find file

Newer

Older

2018-fumichan-thesis / practice / vendor / bundle / ruby / 2.5.0 / gems / rack-protection-2.0.4 / lib / rack / protection / remote_token.rb

Fumichan on 27 Nov 2018 594 bytes create dir 2018-fumichan-thesis

Raw Blame History

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Only accepts unsafe HTTP requests if a given access token matches the token
    # included in the session *or* the request comes from the same origin.
    #
    # Compatible with rack-csrf.
    class RemoteToken < AuthenticityToken
      default_reaction :deny

      def accepts?(env)
        super or referrer(env) == Request.new(env).host
      end
    end
  end
end