Need to initialize the session token or forms won't render

Mike Perham 2016-06-28 16:46:45 -07:00
parent e407d0195c
commit 8f5736a057


@ -16,12 +16,13 @@ module Kemal::Middleware
PARAMETER_NAME = "authenticity_token" PARAMETER_NAME = "authenticity_token"
def call(context) def call(context)
unless context.session["csrf"]?
context.session["csrf"] = SecureRandom.hex(16)
end
return call_next(context) if ALLOWED_METHODS.includes?(context.request.method) return call_next(context) if ALLOWED_METHODS.includes?(context.request.method)
req = context.request req = context.request
current_token = context.session["csrf"]? || begin
context.session["csrf"] = SecureRandom.hex(16)
end
submitted = if req.headers[HEADER]? submitted = if req.headers[HEADER]?
req.headers[HEADER] req.headers[HEADER]
elsif context.params.body[PARAMETER_NAME]? elsif context.params.body[PARAMETER_NAME]?
@ -29,6 +30,7 @@ module Kemal::Middleware
else else
"nothing" "nothing"
end end
current_token = context.session["csrf"]
if current_token == submitted if current_token == submitted
# reset the token so it can't be used again # reset the token so it can't be used again
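Review bot: The check `if current_token == submitted` compares the secret CSRF token with an ordinary equality test, which may stop at the first differing byte. As defence in depth it could use the standard library's constant-time comparison instead, for example `if Crypto::Subtle.constant_time_compare(current_token, submitted)` with `require "crypto/subtle"`, assuming both values are strings at that point; the session value's type is not visible here. The new `unless context.session["csrf"]?` block at the top of `call` would also benefit from a one-line comment such as `# seed the token on every request, including safe methods, so rendered forms can embed it`. The body of `call` continues outside the visible hunks, so the handling after the comparison was not reviewed.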