
CSRF with req.evn['rack.session'] #109

@456asf

Description

```ruby
def safe?
  return req.get? || req.head? ||
    req.params["csrf_token"] == token || # token creates a new one every time
    req.env["HTTP_X_CSRF_TOKEN"] == token
end
```

Change the code to:

```ruby
def existing_token
  session[:csrf_token]
end

def safe?
  return req.get? || req.head? ||
    req.params["csrf_token"] == existing_token ||
    req.env["HTTP_X_CSRF_TOKEN"] == existing_token
end
```

Also

```ruby
def session
  return req.env["rack.session"]
end
```

returns nil, with errors like this:

```
undefined method `[]' for nil:NilClass

    session[:csrf_token] ||= SecureRandom.base64(32)
           ^^^^^^^^^^^^^
```
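Added example, not the project's code: both shapes side by side against a constructed `FakeRequest`. `RegeneratingCsrf` mirrors the reported behaviour (`token` mints a fresh value per call, so verification can never match); `SessionCsrf` reads the token stored in `rack.session`, fails closed instead of raising `NoMethodError` when no session middleware is mounted, and compares in constant time, which goes beyond the fix proposed in the issue.

```ruby
require "securerandom"

# Constructed stand-in for a Rack request; not the project's own request class.
class FakeRequest
  attr_reader :params, :env
  def initialize(method, params = {}, env = {})
    @method, @params, @env = method, params, env
  end
  def get?;  @method == "GET";  end
  def head?; @method == "HEAD"; end
end

# The reported shape: #token mints a fresh value on every call, so the value
# embedded in the form can never equal the value computed at verification.
class RegeneratingCsrf
  def initialize(req); @req = req; end
  def token; SecureRandom.base64(32); end
  def safe?
    @req.get? || @req.head? ||
      @req.params["csrf_token"] == token ||
      @req.env["HTTP_X_CSRF_TOKEN"] == token
  end
end

# Corrected shape: mint once into the session, verify against the stored value,
# and fail closed when rack.session is absent instead of raising NoMethodError.
class SessionCsrf
  def initialize(req); @req = req; end
  def session; @req.env["rack.session"]; end
  # Called when rendering a form; returns the session's token, minting it once.
  def token
    session[:csrf_token] ||= SecureRandom.base64(32)
  end
  # Read-only lookup for verification; nil when there is no session or no token yet.
  def existing_token
    session && session[:csrf_token]
  end
  def safe?
    return true if @req.get? || @req.head?
    expected  = existing_token
    submitted = @req.params["csrf_token"] || @req.env["HTTP_X_CSRF_TOKEN"]
    return false if expected.nil? || submitted.nil?
    secure_compare(expected, submitted)
  end
  # Constant-time comparison (same idea as Rack::Utils.secure_compare): no early exit on mismatch.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```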
