Need to initialize the session token or forms won't render
parent
e407d0195c
commit
8f5736a057
1 changed files with 5 additions and 3 deletions
|
@ -16,12 +16,13 @@ module Kemal::Middleware
|
|||
PARAMETER_NAME = "authenticity_token"
|
||||
|
||||
def call(context)
|
||||
unless context.session["csrf"]?
|
||||
context.session["csrf"] = SecureRandom.hex(16)
|
||||
end
|
||||
|
||||
return call_next(context) if ALLOWED_METHODS.includes?(context.request.method)
|
||||
|
||||
req = context.request
|
||||
current_token = context.session["csrf"]? || begin
|
||||
context.session["csrf"] = SecureRandom.hex(16)
|
||||
end
|
||||
submitted = if req.headers[HEADER]?
|
||||
req.headers[HEADER]
|
||||
elsif context.params.body[PARAMETER_NAME]?
|
||||
|
@ -29,6 +30,7 @@ module Kemal::Middleware
|
|||
else
|
||||
"nothing"
|
||||
end
|
||||
current_token = context.session["csrf"]
|
||||
|
||||
if current_token == submitted
|
||||
# reset the token so it can't be used again
|
||||
|
|
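Review bot: The check `if current_token == submitted` in the second hunk compares the session's CSRF token with request-supplied input using ordinary string equality, which is not constant-time; for secret tokens the usual choice is `if Crypto::Subtle.constant_time_compare(current_token, submitted)` (needs `require "crypto/subtle"`, and assumes both values are Strings here, which the page does not show). The `"nothing"` fallback in the `else` branch is safe only because a hex token can never equal it; leaving `submitted` as `nil` and rejecting that case explicitly would state the intent directly. The new `unless context.session["csrf"]?` block at the top of `call` deserves a short comment such as `# create the token before the safe-method early return so GET-rendered forms can embed it`. The body of `call` continues past the end of the hunk, so the rejection path and the token reset are not visible here.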