discourse/lib/csrf_token_verifier.rb
2023-01-09 12:10:19 +00:00

32 lines
734 B
Ruby

# frozen_string_literal: true
# Provides a way to check a CSRF token outside of a controller
class CSRFTokenVerifier
class InvalidCSRFToken < StandardError
end
include ActiveSupport::Configurable
include ActionController::RequestForgeryProtection
# Use config from ActionController::Base
config.each_key do |configuration_name|
undef_method configuration_name
define_method configuration_name do
ActionController::Base.config[configuration_name]
end
end
def call(env)
@request = ActionDispatch::Request.new(env.dup)
raise InvalidCSRFToken unless verified_request?
end
public :form_authenticity_token
private
attr_reader :request
delegate :params, :session, to: :request
end