```ruby
def safe?
  return req.get? || req.head? ||
    req.params["csrf_token"] == token || # token creates a new one every time
    req.env["HTTP_X_CSRF_TOKEN"] == token
end
```
Change code ...
```ruby
def existing_token
  session[:csrf_token]
end

def safe?
  return req.get? || req.head? ||
    req.params["csrf_token"] == existing_token ||
    req.env["HTTP_X_CSRF_TOKEN"] == existing_token
end
```
Also
```ruby
def session
  return req.env["rack.session"]
end
```
returns nil, with errors like this:

```
undefined method `[]' for nil:NilClass
  session[:csrf_token] ||= SecureRandom.base64(32)
         ^^^^^^^^^^^^^
```
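A stand-alone sketch of the check discussed in this issue, added here as an example and not the project's own code: the token is issued once per session, and `safe?` fails closed when `rack.session` is missing or no token has been stored, so a request with no token never matches a `nil` stored value. `FakeRequest`, `CsrfCheck` and `secure_equal?` are hypothetical names, and the request object is a constructed stand-in.

```ruby
require "securerandom"

# Constructed stand-in for the request object used in the issue (hypothetical).
FakeRequest = Struct.new(:verb, :params, :env) do
  def get?;  verb == "GET";  end
  def head?; verb == "HEAD"; end
end

# Hypothetical helper class mirroring the method names from the issue.
class CsrfCheck
  attr_reader :req

  def initialize(req)
    @req = req
  end

  # nil when no session middleware has populated rack.session.
  def session
    req.env["rack.session"]
  end

  # Issue the token once per session; later calls return the stored value.
  def token
    raise "session middleware is not enabled" if session.nil?
    session[:csrf_token] ||= SecureRandom.base64(32)
  end

  # Read-only lookup that tolerates a missing session.
  def existing_token
    session && session[:csrf_token]
  end

  def safe?
    return true if req.get? || req.head?
    expected = existing_token
    # Fail closed: with no stored token, nil == nil must not pass the check.
    return false unless expected.is_a?(String) && !expected.empty?
    [req.params["csrf_token"], req.env["HTTP_X_CSRF_TOKEN"]].any? do |given|
      secure_equal?(given, expected)
    end
  end

  # Constant-time comparison for equal-length strings.
  def secure_equal?(given, expected)
    return false unless given.is_a?(String) && given.bytesize == expected.bytesize
    given.bytes.zip(expected.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```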