Remove HTTP prefix, this is a Rack impl convention, not a standard.
This commit is contained in:
parent
8f5736a057
commit
22d6c1773e
2 changed files with 2 additions and 2 deletions
|
@ -55,7 +55,7 @@ describe "Kemal::Middleware::CSRF" do
|
|||
body: "hasan=lamec",
|
||||
headers: HTTP::Headers{"Content-Type" => "application/x-www-form-urlencoded",
|
||||
"Set-Cookie" => client_response.headers["Set-Cookie"],
|
||||
"http-x-csrf-token" => current_token })
|
||||
"x-csrf-token" => current_token })
|
||||
io, context = process_request(handler, request)
|
||||
client_response = HTTP::Client::Response.from_io(io, decompress: false)
|
||||
client_response.status_code.should eq 404
|
||||
|
|
|
@ -11,7 +11,7 @@ module Kemal::Middleware
|
|||
# where an attacker can re-submit a form.
|
||||
#
|
||||
class CSRF < HTTP::Handler
|
||||
HEADER = "HTTP_X_CSRF_TOKEN"
|
||||
HEADER = "X_CSRF_TOKEN"
|
||||
ALLOWED_METHODS = %w[GET HEAD OPTIONS TRACE]
|
||||
PARAMETER_NAME = "authenticity_token"
|
||||
|
||||
|
|
Loading…
Reference in a new issue