class StaticRails::SitePlusCsrfMiddleware
Public Class Methods
new(app)
Calls superclass method
StaticRails::SiteMiddleware::new
# File lib/static-rails/site_plus_csrf_middleware.rb, line 8
# Builds the three collaborators this middleware keeps in instance
# variables, then hands +app+ to the superclass constructor.
#
# @param app the next Rack application; forwarded unchanged to
#   StaticRails::SiteMiddleware#initialize
def initialize(app)
  @gets_csrf_token = GetsCsrfToken.new
  @validates_csrf_token = ValidatesCsrfToken.new
  @determines_whether_to_handle_request = DeterminesWhetherToHandleRequest.new
  super(app)
end
Public Instance Methods
call(env)
Calls superclass method
StaticRails::SiteMiddleware#call
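# File lib/static-rails/site_plus_csrf_middleware.rb, line 15
# Rack entry point. Passes the request straight to the wrapped app unless
# the path starts with the PATH_INFO_OBFUSCATION prefix or
# @determines_whether_to_handle_request accepts it. Handled requests have
# the prefix stripped from PATH_INFO, are processed by the superclass, and
# may receive a "_csrf_token" cookie on the way out.
#
# @param env [Hash] the Rack environment
# @return [Array] a Rack response triplet (status, headers, body)
def call(env)
  path_info = env["PATH_INFO"]

  # A path carrying the obfuscation prefix is handled here regardless of
  # what @determines_whether_to_handle_request would answer.
  handled_here = path_info&.start_with?(/\/?#{PATH_INFO_OBFUSCATION}/o) ||
    @determines_whether_to_handle_request.call(env)
  return @app.call(env) unless handled_here

  # Strip the prefix only at the very start of the path. \A (rather than ^,
  # which also matches after every newline) with a single sub keeps the
  # rewrite aligned with the start_with? check above. to_s avoids a
  # NoMethodError when PATH_INFO is absent but the request is still handled.
  env = env.merge(
    "PATH_INFO" => path_info.to_s.sub(/\A\/?#{PATH_INFO_OBFUSCATION}/o, "")
  )
  status, headers, body = super(env)

  return [status, headers, body] unless StaticRails.config.set_csrf_token_cookie

  req = Rack::Request.new(env)
  res = Rack::Response.new(body, status, headers)
  if needs_new_csrf_token?(req)
    # NOTE(review): the cookie is issued with only value and path; no
    # secure, same_site or httponly option is passed. Presumably the static
    # site's JavaScript has to read the token, which rules out httponly --
    # confirm, and decide whether secure/same_site belong here.
    res.set_cookie("_csrf_token", {
      value: @gets_csrf_token.call(req),
      path: "/"
    })
  end
  res.finish
end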
Protected Instance Methods
require_csrf_before_processing_request?()
# File lib/static-rails/site_plus_csrf_middleware.rb, line 40
# Always answers false.
#
# NOTE(review): presumably a hook that StaticRails::SiteMiddleware consults
# to decide whether a request must pass CSRF validation before it is
# processed; this subclass would then opt out of that up-front check --
# confirm against the superclass.
#
# @return [Boolean] always false
def require_csrf_before_processing_request?
  false
end
Private Instance Methods
needs_new_csrf_token?(req)
# File lib/static-rails/site_plus_csrf_middleware.rb, line 46
# Decides whether the response should carry a fresh "_csrf_token" cookie.
#
# A new token is needed when the request has no "_csrf_token" cookie at
# all, or when @validates_csrf_token rejects the request. The validator is
# only consulted when the cookie is present.
#
# @param req [Rack::Request] the incoming request
# @return [Boolean] true when a new token cookie should be set
def needs_new_csrf_token?(req)
  return true unless req.cookies.key?("_csrf_token")

  !@validates_csrf_token.call(req)
end