/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/remote_token.rb

https://github.com/delowong/logstash · Ruby · 22 lines · 11 code · 2 blank · 9 comment · 1 complexity · e1741f4b9d539fe89d8ef89184d4fe2d MD5

    require 'rack/protection'

    module Rack
      module Protection
        ##
        # Prevented attack::   CSRF
        # Supported browsers:: all
        # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
        #
        # Only accepts unsafe HTTP requests if a given access token matches the token
        # included in the session *or* the request comes from the same origin.
        #
        # Compatible with Rails and rack-csrf.
        class RemoteToken < AuthenticityToken
          default_reaction :deny

          def accepts?(env)
            super or referrer(env) == Request.new(env).host
          end
        end
      end
    end
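
The decision rule in the class comment (token match *or* same-host referrer), as an added stand-alone example that is not part of rack-protection: a simplified model using only the Ruby standard library, run over constructed request envs. The helper names, the `X-CSRF-Token` header as the token carrier, and the `app.example` / `other.example` hosts are assumptions of this sketch.

```ruby
require 'uri'

SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze
TOKEN = 'constructed-session-token' # constructed sample value

# Constant-time comparison for the token check.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Host part of the Referer header, or nil when absent or unparsable.
def referrer_host(env)
  ref = env['HTTP_REFERER'].to_s
  ref.empty? ? nil : URI.parse(ref).host
rescue URI::InvalidURIError
  nil
end

# Request host with any port stripped, so the comparison is host-only.
def request_host(env)
  env['HTTP_HOST'].to_s.sub(/:\d+\z/, '')
end

# Returns [accepted, reason] for one request env (hypothetical helper).
def remote_token_decision(env, session_token)
  return [true, :safe_method] if SAFE_METHODS.include?(env['REQUEST_METHOD'])
  return [true, :token_match] if secure_compare(env['HTTP_X_CSRF_TOKEN'].to_s, session_token)
  ref = referrer_host(env)
  return [true, :same_host_referrer] if ref && ref == request_host(env)
  [false, :denied]
end

POST = { 'REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'app.example' }.freeze

# Constructed sample requests covering each branch of the rule.
SAMPLES = {
  safe_get:       { 'REQUEST_METHOD' => 'GET', 'HTTP_HOST' => 'app.example' },
  token_only:     POST.merge('HTTP_X_CSRF_TOKEN' => TOKEN),
  same_host:      POST.merge('HTTP_REFERER' => 'https://app.example/form'),
  other_port:     POST.merge('HTTP_REFERER' => 'http://app.example:8080/form'),
  cross_host:     POST.merge('HTTP_REFERER' => 'https://other.example/page'),
  no_referrer:    POST,
  bad_referrer:   POST.merge('HTTP_REFERER' => 'not a url'),
  wrong_token:    POST.merge('HTTP_X_CSRF_TOKEN' => 'x' * TOKEN.bytesize)
}.freeze

SAMPLES.each { |name, env| puts format('%-14s %p', name, remote_token_decision(env, TOKEN)) }
```

In this model the referrer branch compares hosts only, so a request without a token is accepted whenever its Referer names the same host, regardless of scheme or port; deployments that need every unsafe request to carry a token should not rely on this fallback.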