/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/remote_token.rb

https://github.com/delowong/logstash · Ruby · 22 lines · 11 code · 2 blank · 9 comment · 1 complexity · e1741f4b9d539fe89d8ef89184d4fe2d MD5 · raw file 

    

  1. require 'rack/protection'
    2. 

  2. 

  3. module Rack
    4. 

  4.   module Protection
    5. 

  5.     ##
    6. 

  6.     # Prevented attack::   CSRF
    7. 

  7.     # Supported browsers:: all
    8. 

  8.     # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    9. 

  9.     #
    10. 

  10.     # Only accepts unsafe HTTP requests if a given access token matches the token
    11. 

  11.     # included in the session *or* the request comes from the same origin.
    12. 

  12.     #
    13. 

  13.     # Compatible with Rails and rack-csrf.
    14. 

  14.     class RemoteToken < AuthenticityToken
    15. 

  15.       default_reaction :deny
    16. 

  16. 

  17.       def accepts?(env)
    18. 

  18.         super or referrer(env) == Request.new(env).host
    19. 

  19.       end
    20. 

  20.     end
    21. 

  21.   end
    22. 

  22. end
    23.