Class: Merb::Rack::Csrf
- Inherits:
-
Middleware
- Object
- Middleware
- Merb::Rack::Csrf
- Defined in:
- lib/merb-core/rack/middleware/csrf.rb
Constant Summary collapse
- HTML_TYPES =
%w(text/html application/xhtml+xml)
- POST_FORM_RE =
Regexp.compile('(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', Regexp::IGNORECASE)
- ERROR_MSG =
'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>'.freeze
Instance Method Summary collapse
Methods inherited from Middleware
Constructor Details
This class inherits a constructor from Merb::Rack::Middleware
Instance Method Details
#call(env) ⇒ Object
11 12 13 14 15 16 17 18 19 20 21 |
# File 'lib/merb-core/rack/middleware/csrf.rb', line 11 def call(env) status, header, body = @app.call(env) body = body.to_s if env[Merb::Const::REQUEST_METHOD] == Merb::Const::GET body = process_response(body) if valid_content_type?(header[Merb::Const::CONTENT_TYPE]) elsif env[Merb::Const::REQUEST_METHOD] == Merb::Const::POST status, body = process_request(env, status, body) end [status, header, body] end |