Class: Merb::Rack::Csrf

Inherits:
Middleware
Defined in:
lib/merb-core/rack/middleware/csrf.rb

Constant Summary

# MIME types this middleware treats as HTML.
# NOTE(review): presumably consulted by valid_content_type? (not shown on this
# page) to decide whether a GET response body is rewritten. How a header that
# carries parameters, e.g. "text/html; charset=utf-8", is compared against
# these bare types cannot be seen here; confirm.
HTML_TYPES =
%w(text/html application/xhtml+xml)
# Case-insensitive pattern capturing a whole opening <form ...> tag whose
# method attribute is POST, with the value unquoted, single-quoted or
# double-quoted. The two quote groups are matched independently of each other.
# The pattern needs "method=" directly followed by the optional quote and POST,
# so a tag written with whitespace around "=" is not matched.
# NOTE(review): if this pattern is what selects forms for token injection
# (the consumer is not shown here), any POST form it misses would be rendered
# without a token; confirm against process_response.
POST_FORM_RE =
Regexp.compile('(<form\W[^>]*\bmethod=(\'|"|)POST(\'|"|)\b[^>]*>)', Regexp::IGNORECASE)
# Frozen, static XHTML body announcing "403 Forbidden"; it is a literal and
# embeds no request data.
# NOTE(review): presumably returned by process_request when a POST fails
# verification; confirm.
ERROR_MSG =
'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>'.freeze

Instance Method Summary

Methods inherited from Middleware

#deferred?, #initialize

Constructor Details

This class inherits a constructor from Merb::Rack::Middleware

Instance Method Details

#call(env) ⇒ Object



# File 'lib/merb-core/rack/middleware/csrf.rb', line 11

# Rack entry point: runs the wrapped application first, then post-processes
# its result according to the request method.
#
# * GET   - the body goes through process_response, but only when
#           valid_content_type? accepts the response Content-Type header.
# * POST  - status and body are replaced by what process_request returns.
# * other - the downstream status and stringified body are returned as-is.
#
# The header hash is returned untouched in every case, so a length header set
# downstream is not recomputed in this method after the body is rewritten.
#
# NOTE(review): @app.call(env) runs before process_request, so for a POST the
# wrapped application has already handled the request by the time this
# middleware can alter the response. If process_request is where the forgery
# verdict is made (not visible here), a rejected request may still have had
# its side effects applied; confirm, and consider verifying before dispatch.
# NOTE(review): there is no branch for PUT, DELETE or other methods; confirm
# that state-changing routes cannot be reached through them unchecked.
#
# @param env [Hash] the Rack environment of the current request
# @return [Array] the [status, header, body] triplet
def call(env)
  status, header, body = @app.call(env)
  # The downstream body is flattened with to_s before any processing.
  body = body.to_s
  verb = env[Merb::Const::REQUEST_METHOD]

  if verb == Merb::Const::GET
    # Only responses with an accepted content type are rewritten.
    if valid_content_type?(header[Merb::Const::CONTENT_TYPE])
      body = process_response(body)
    end
  elsif verb == Merb::Const::POST
    status, body = process_request(env, status, body)
  end

  [status, header, body]
end