Remove HTTP prefix, this is a Rack impl convention, not a standard.
parent
8f5736a057
commit
22d6c1773e
2 changed files with 2 additions and 2 deletions
|
@ -55,7 +55,7 @@ describe "Kemal::Middleware::CSRF" do
|
||||||
body: "hasan=lamec",
|
body: "hasan=lamec",
|
||||||
headers: HTTP::Headers{"Content-Type" => "application/x-www-form-urlencoded",
|
headers: HTTP::Headers{"Content-Type" => "application/x-www-form-urlencoded",
|
||||||
"Set-Cookie" => client_response.headers["Set-Cookie"],
|
"Set-Cookie" => client_response.headers["Set-Cookie"],
|
||||||
"http-x-csrf-token" => current_token })
|
"x-csrf-token" => current_token })
|
||||||
io, context = process_request(handler, request)
|
io, context = process_request(handler, request)
|
||||||
client_response = HTTP::Client::Response.from_io(io, decompress: false)
|
client_response = HTTP::Client::Response.from_io(io, decompress: false)
|
||||||
client_response.status_code.should eq 404
|
client_response.status_code.should eq 404
|
||||||
|
|
|
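Review bot: The updated `"x-csrf-token" => current_token` line covers only the accepting path, so this spec would still pass if the middleware kept honouring the old header name as well. A companion example that sends the token only as `"http-x-csrf-token" => current_token` and expects the middleware's rejection status instead of 404 would pin the rename from both sides. The `it` block that builds this request starts outside the hunk, so the rejection status and the way `current_token` is obtained are not visible here.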
@ -11,7 +11,7 @@ module Kemal::Middleware
|
||||||
# where an attacker can re-submit a form.
|
# where an attacker can re-submit a form.
|
||||||
#
|
#
|
||||||
class CSRF < HTTP::Handler
|
class CSRF < HTTP::Handler
|
||||||
HEADER = "HTTP_X_CSRF_TOKEN"
|
HEADER = "X_CSRF_TOKEN"
|
||||||
ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
|
ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
|
||||||
PARAMETER_NAME = "authenticity_token"
|
PARAMETER_NAME = "authenticity_token"
|
||||||
|
|
||||||
|
|
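Review bot: `HEADER = "X_CSRF_TOKEN"` drops the Rack prefix but keeps the CGI-style underscores, while the spec in this same commit sends `x-csrf-token`. The match therefore appears to depend on HTTP::Headers treating `_` and `-` as equivalent during lookup; the code that reads HEADER is outside this hunk, so that should be confirmed there. Spelling the constant as the wire name, `HEADER = "X-CSRF-Token"`, removes that dependency and avoids anyone copying an underscore name into client code, which some reverse proxies discard. A comment above it such as `# Request header that carries the CSRF token (wire name, no Rack "HTTP_" prefix).` would record the intent. Clients still sending the old prefixed name will presumably start failing the token check, so the change deserves a changelog entry.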