iv-org-mirror/shard-kemal
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/shard-kemal.git synced 2024-08-15 00:53:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

Remove HTTP prefix, this is a Rack impl convention, not a standard.

Browse source
This commit is contained in:
Mike Perham 2016-06-29 14:52:47 -07:00
parent 8f5736a057
commit 22d6c1773e
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
spec/middleware/csrf_spec.cr
View file

@ -55,7 +55,7 @@ describe "Kemal::Middleware::CSRF" do
body: "hasan=lamec",
headers: HTTP::Headers{"Content-Type" => "application/x-www-form-urlencoded",
"Set-Cookie" => client_response.headers["Set-Cookie"],
"http-x-csrf-token" => current_token })
"x-csrf-token" => current_token })
io, context = process_request(handler, request)
client_response = HTTP::Client::Response.from_io(io, decompress: false)
client_response.status_code.should eq 404

2
src/kemal/middleware/csrf.cr
View file

@ -11,7 +11,7 @@ module Kemal::Middleware
# where an attacker can re-submit a form.
#
class CSRF < HTTP::Handler
HEADER = "HTTP_X_CSRF_TOKEN"
HEADER = "X_CSRF_TOKEN"
ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
PARAMETER_NAME = "authenticity_token"