/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/remote_token.rb
Ruby | 22 lines | 11 code | 2 blank | 9 comment | 1 complexity | e1741f4b9d539fe89d8ef89184d4fe2d MD5 | raw file
1require 'rack/protection' 2 3module Rack 4 module Protection 5 ## 6 # Prevented attack:: CSRF 7 # Supported browsers:: all 8 # More infos:: http://en.wikipedia.org/wiki/Cross-site_request_forgery 9 # 10 # Only accepts unsafe HTTP requests if a given access token matches the token 11 # included in the session *or* the request comes from the same origin. 12 # 13 # Compatible with Rails and rack-csrf. 14 class RemoteToken < AuthenticityToken 15 default_reaction :deny 16 17 def accepts?(env) 18 super or referrer(env) == Request.new(env).host 19 end 20 end 21 end 22end