
/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/remote_token.rb

https://github.com/delowong/logstash
Ruby | 22 lines | 11 code | 2 blank | 9 comment | 1 complexity | e1741f4b9d539fe89d8ef89184d4fe2d MD5
require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # Only accepts unsafe HTTP requests if a given access token matches the token
    # included in the session *or* the request comes from the same origin.
    #
    # Compatible with Rails and rack-csrf.
    class RemoteToken < AuthenticityToken
      default_reaction :deny

      def accepts?(env)
        super or referrer(env) == Request.new(env).host
      end
    end
  end
end
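
Added example, not part of rack-protection: a self-contained model of the "token matches *or* same origin" decision documented above, run over three constructed requests. The `X-CSRF-Token` header, the `:csrf` session key, the safe-method list and the host `app.example` are assumptions (the parent class `AuthenticityToken` is not shown on this page), and a missing Referer is simply treated as non-matching here.

```ruby
require 'uri'
require 'securerandom'

# Model of the RemoteToken decision. The token source (X-CSRF-Token header vs.
# session[:csrf]) and the safe-method list are assumptions about the parent class.
SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# Constant-time comparison so the token check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Host part of the Referer header, or nil when absent or unparseable.
def referrer_host(env)
  ref = env['HTTP_REFERER'].to_s
  return nil if ref.empty?
  URI.parse(ref).host
rescue URI::InvalidURIError
  nil
end

# Stand-in for `super`: safe methods pass, unsafe ones need the session token.
def token_ok?(env, session)
  return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
  token = session[:csrf].to_s
  !token.empty? && secure_compare(env['HTTP_X_CSRF_TOKEN'].to_s, token)
end

# Mirrors `super or referrer(env) == Request.new(env).host` (host only, no port).
def remote_token_accepts?(env, session)
  host = env['HTTP_HOST'].to_s.sub(/:\d+\z/, '')
  token_ok?(env, session) || referrer_host(env) == host
end

# Constructed sample requests against the hypothetical host app.example.
SESSION = { csrf: SecureRandom.hex(16) }.freeze
def post(extra)
  { 'REQUEST_METHOD' => 'POST', 'HTTP_HOST' => 'app.example' }.merge(extra)
end

CASES = {
  same_origin_no_token:  post('HTTP_REFERER' => 'https://app.example/form'),
  cross_origin_no_token: post('HTTP_REFERER' => 'https://other.example/page'),
  cross_origin_token:    post('HTTP_REFERER' => 'https://other.example/page',
                              'HTTP_X_CSRF_TOKEN' => SESSION[:csrf])
}.freeze

CASES.each { |name, env| puts "#{name}: #{remote_token_accepts?(env, SESSION)}" }
```

The same-origin case is accepted on the Referer host alone, so in this model the comparison ignores scheme and port.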