Need to initialize the session token or forms won't render
parent
e407d0195c
commit
8f5736a057
1 changed files with 5 additions and 3 deletions
|
@ -16,12 +16,13 @@ module Kemal::Middleware
|
||||||
PARAMETER_NAME = "authenticity_token"
|
PARAMETER_NAME = "authenticity_token"
|
||||||
|
|
||||||
def call(context)
|
def call(context)
|
||||||
|
unless context.session["csrf"]?
|
||||||
|
context.session["csrf"] = SecureRandom.hex(16)
|
||||||
|
end
|
||||||
|
|
||||||
return call_next(context) if ALLOWED_METHODS.includes?(context.request.method)
|
return call_next(context) if ALLOWED_METHODS.includes?(context.request.method)
|
||||||
|
|
||||||
req = context.request
|
req = context.request
|
||||||
current_token = context.session["csrf"]? || begin
|
|
||||||
context.session["csrf"] = SecureRandom.hex(16)
|
|
||||||
end
|
|
||||||
submitted = if req.headers[HEADER]?
|
submitted = if req.headers[HEADER]?
|
||||||
req.headers[HEADER]
|
req.headers[HEADER]
|
||||||
elsif context.params.body[PARAMETER_NAME]?
|
elsif context.params.body[PARAMETER_NAME]?
|
||||||
|
@ -29,6 +30,7 @@ module Kemal::Middleware
|
||||||
else
|
else
|
||||||
"nothing"
|
"nothing"
|
||||||
end
|
end
|
||||||
|
current_token = context.session["csrf"]
|
||||||
|
|
||||||
if current_token == submitted
|
if current_token == submitted
|
||||||
# reset the token so it can't be used again
|
# reset the token so it can't be used again
|
||||||
|
|
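Review bot: The `if current_token == submitted` check at the end of the second hunk compares the CSRF token with ordinary string equality, which can return as soon as the first differing byte is found. A constant-time comparison such as `Crypto::Subtle.constant_time_compare(current_token, submitted)` avoids leaking how much of a guess matched. Whether the session value is already a `String` at that point is not visible here, so it may need a cast first. The `"nothing"` sentinel used when neither the header nor the body parameter is present also reaches this comparison; rejecting the request as soon as no token was submitted would keep the check independent of what the session store holds. The `if` body continues outside the hunk.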