Remove HTTP prefix, this is a Rack impl convention, not a standard.

2024-08-15 00:53:36 +00:00 · 2016-06-29 14:52:47 -07:00 · 2016-06-29 14:52:47 -07:00 · 22d6c1773e
commit 22d6c1773e
parent 8f5736a057
2 changed files with 2 additions and 2 deletions
--- a/spec/middleware/csrf_spec.cr
+++ b/spec/middleware/csrf_spec.cr
@ -55,7 +55,7 @@ describe "Kemal::Middleware::CSRF" do
      body: "hasan=lamec",
      headers: HTTP::Headers{"Content-Type" => "application/x-www-form-urlencoded",
                             "Set-Cookie" => client_response.headers["Set-Cookie"],
-                             "http-x-csrf-token" => current_token })
+                             "x-csrf-token" => current_token })
    io, context = process_request(handler, request)
    client_response = HTTP::Client::Response.from_io(io, decompress: false)
    client_response.status_code.should eq 404
--- a/src/kemal/middleware/csrf.cr
+++ b/src/kemal/middleware/csrf.cr
@ -11,7 +11,7 @@ module Kemal::Middleware
  # where an attacker can re-submit a form.
  #
  class CSRF < HTTP::Handler
-    HEADER = "HTTP_X_CSRF_TOKEN"
+    HEADER = "X_CSRF_TOKEN"
    ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
    PARAMETER_NAME = "authenticity_token"