iv-org-mirror/shard-kemal
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/shard-kemal.git synced 2024-08-15 00:53:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

Need to initialize the session token or forms won't render

Browse source
This commit is contained in:
Mike Perham 2016-06-28 16:46:45 -07:00
parent e407d0195c
commit 8f5736a057
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/kemal/middleware/csrf.cr
View file

@ -16,12 +16,13 @@ module Kemal::Middleware
PARAMETER_NAME = "authenticity_token"
def call(context)
unless context.session["csrf"]?
context.session["csrf"] = SecureRandom.hex(16)
end
return call_next(context) if ALLOWED_METHODS.includes?(context.request.method)
req = context.request
current_token = context.session["csrf"]? || begin
context.session["csrf"] = SecureRandom.hex(16)
end
submitted = if req.headers[HEADER]?
req.headers[HEADER]
elsif context.params.body[PARAMETER_NAME]?
@ -29,6 +30,7 @@ module Kemal::Middleware
else
"nothing"
end
current_token = context.session["csrf"]
if current_token == submitted
# reset the token so it can't be used again