Remove HTTP prefix, this is a Rack impl convention, not a standard.

Mike Perham 2016-06-29 14:52:47 -07:00
parent 8f5736a057
commit 22d6c1773e
2 changed files with 2 additions and 2 deletions


@ -55,7 +55,7 @@ describe "Kemal::Middleware::CSRF" do
body: "hasan=lamec",
headers: HTTP::Headers{"Content-Type" => "application/x-www-form-urlencoded",
"Set-Cookie" => client_response.headers["Set-Cookie"],
"http-x-csrf-token" => current_token })
"x-csrf-token" => current_token })
io, context = process_request(handler, request)
client_response = HTTP::Client::Response.from_io(io, decompress: false)
client_response.status_code.should eq 404
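Review bot: The request here carries the token as `x-csrf-token` (hyphens), while the handler constant changed in the other file of this commit is `HEADER = "X_CSRF_TOKEN"` (underscores), so this case passes only if `HTTP::Headers` lookup treats `_` and `-` as equivalent. Clients send the hyphenated form, so I would spell the constant as it appears on the wire, `HEADER = "X-CSRF-Token"`, rather than depend on that normalisation. A sibling case that sends the old `http-x-csrf-token` name and expects the handler's rejection status would pin the removal. The enclosing `it` block starts and ends outside this hunk, so such a case may already exist.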


@ -11,7 +11,7 @@ module Kemal::Middleware
# where an attacker can re-submit a form.
#
class CSRF < HTTP::Handler
HEADER = "HTTP_X_CSRF_TOKEN"
HEADER = "X_CSRF_TOKEN"
ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
PARAMETER_NAME = "authenticity_token"