discourse/lib/csrf_token_verifier.rb

# frozen_string_literal: true

# Provides a way to check a CSRF token outside of a controller
class CSRFTokenVerifier
  include ActiveSupport::Configurable
  include ActionController::RequestForgeryProtection

  # Use config from ActionController::Base
  config.each_key do |configuration_name|
    undef_method configuration_name
    define_method configuration_name do
      ActionController::Base.config[configuration_name]
    end
  end

  def call(env)
    @request = ActionDispatch::Request.new(env.dup)

    unless verified_request?
      raise ActionController::InvalidAuthenticityToken
    end
  end

  private

  attr_reader :request
  delegate :params, :session, to: :request
end
SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 18:57:28 +08:00			`# frozen_string_literal: true`

			`# Provides a way to check a CSRF token outside of a controller`
			`class CSRFTokenVerifier`
			`include ActiveSupport::Configurable`
			`include ActionController::RequestForgeryProtection`

			`# Use config from ActionController::Base`
			`config.each_key do \|configuration_name\|`
			`undef_method configuration_name`
			`define_method configuration_name do`
			`ActionController::Base.config[configuration_name]`
			`end`
			`end`

			`def call(env)`
			`@request = ActionDispatch::Request.new(env.dup)`

			`unless verified_request?`
			`raise ActionController::InvalidAuthenticityToken`
			`end`
			`end`

			`private`

			`attr_reader :request`
			`delegate :params, :session, to: :request`
			`end`