class Quilt::HeaderCsrfStrategy

Constants

HEADER_VALUE

Public Class Methods

new(controller) click to toggle source
# File lib/quilt_rails/header_csrf_strategy.rb, line 8
def initialize(controller)
  @controller = controller
end

Public Instance Methods

handle_unverified_request() click to toggle source
# File lib/quilt_rails/header_csrf_strategy.rb, line 12
def handle_unverified_request
  raise NoSameSiteHeaderError unless same_site?
end

Private Instance Methods

fallback_handler() click to toggle source
# File lib/quilt_rails/header_csrf_strategy.rb, line 22
def fallback_handler
  ActionController::RequestForgeryProtection::ProtectionMethods::Exception.new(@controller)
end
same_site?() click to toggle source
# File lib/quilt_rails/header_csrf_strategy.rb, line 18
def same_site?
  @controller.request.headers[HEADER] == HEADER_VALUE
end