/vendor/bundle/jruby/2.1/gems/rack-protection-1.5.3/lib/rack/protection/remote_token.rb
https://github.com/delowong/logstash · Ruby · 22 lines · 11 code · 2 blank · 9 comment · 1 complexity · e1741f4b9d539fe89d8ef89184d4fe2d MD5 · raw file
- require 'rack/protection'
module Rack
  module Protection
    ##
    # Prevented attack::   CSRF
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Cross-site_request_forgery
    #
    # An unsafe HTTP request is let through when the access token it carries
    # matches the token held in the session (the inherited AuthenticityToken
    # check) *or* when the request comes from the same origin, which this
    # class decides by comparing the referrer with the request's own host.
    #
    # Compatible with Rails and rack-csrf.
    #
    # NOTE(review): the second path accepts a request that carries no valid
    # token at all, so the strength of this middleware is bounded by the
    # referrer comparison. Two things to confirm when relying on it:
    # * +referrer+ is defined outside this file; check what it returns for a
    #   missing, empty or unparsable Referer header, because any value equal
    #   to the request host is treated as "same origin".
    # * Only host values are compared here; scheme and port do not appear in
    #   the comparison, so this is presumably weaker than a strict
    #   same-origin test (verify against Request#host and +referrer+).
    class RemoteToken < AuthenticityToken
      # Requests that fail +accepts?+ get the :deny reaction (the reaction
      # itself is implemented outside this file).
      default_reaction :deny

      # Decides whether the request described by +env+ may proceed.
      #
      # Returns the parent's verdict when that is truthy; otherwise returns
      # whether the referrer matches the host of the current request.
      def accepts?(env)
        token_verdict = super
        return token_verdict if token_verdict

        # Fallback: no token match, so rely on the referrer comparison.
        referring_host = referrer(env)
        referring_host == Request.new(env).host
      end
    end
  end
end