class UnifiedCsrfPrevention::Middleware

Rack middleware to set the token and checksum cookies. See github.com/xing/cross-application-csrf-prevention#token-generation

Public Class Methods

new(app)
# File lib/unified_csrf_prevention/middleware.rb, line 9
# Builds the middleware around the next Rack application in the chain.
#
# @param app [#call] the downstream Rack app; invoked from #call with the env
def initialize(app)
  @app = app
end

Public Instance Methods

call(env)
# File lib/unified_csrf_prevention/middleware.rb, line 13
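# Rack entry point.
#
# Runs the downstream app and, when something upstream has published a CSRF
# token into the Rack env under Core::TOKEN_RACK_ENV_VAR, writes the token and
# checksum cookies onto the response headers (see #set_csrf_cookies! below).
# The status and body are passed through untouched; +headers+ is mutated in
# place by set_cookie! (defined outside this listing).
#
# @param env [Hash] the Rack environment
# @return [Array(Integer, Hash, #each)] the downstream status, headers and body
def call(env)
  status, headers, body = @app.call(env)

  if env.key?(Core::TOKEN_RACK_ENV_VAR)
    token = env[Core::TOKEN_RACK_ENV_VAR]
    set_csrf_cookies!(headers, token)
    # The CSRF token is secret material: do not write its value to the log,
    # only the fact that the cookies were set.
    Rails.logger.info("Set CSRF token cookies")
  end

  [status, headers, body]
end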

Private Instance Methods

secure_cookies?()
# File lib/unified_csrf_prevention/middleware.rb, line 44
# Whether cookies should be emitted for HTTPS-only environments.
#
# True in production and in the custom +preview+ environment; false elsewhere
# (development, test, ...). Presumably consulted by set_cookie! (defined
# outside this listing) to decide the Secure cookie attribute — confirm.
#
# @return [Boolean]
def secure_cookies?
  env = Rails.env
  return true if env.production?

  env.preview?
end
set_csrf_cookies!(headers, token)
# File lib/unified_csrf_prevention/middleware.rb, line 27
# Writes the two CSRF cookies onto the response headers.
#
# The checksum is derived from the token via Core.checksum_for before either
# cookie is written. The checksum cookie is HttpOnly; the token cookie is not
# (presumably so client-side code can read it, per the linked scheme — confirm).
#
# @param headers [Hash] response headers, mutated via set_cookie!
# @param token [String] the CSRF token taken from the Rack env
# @return [void]
def set_csrf_cookies!(headers, token)
  cookies = [
    [Core::TOKEN_COOKIE_NAME, { value: token }],
    [Core::CHECKSUM_COOKIE_NAME, { value: Core.checksum_for(token), httponly: true }]
  ]

  cookies.each { |name, opts| set_cookie!(headers, name, **opts) }
end