Module: Gitlab::RequestForgeryProtection

Defined in:
lib/gitlab/request_forgery_protection.rb

Defined Under Namespace

Classes: Controller

Class Method Summary

Class Method Details

.app ⇒ Object


# File 'lib/gitlab/request_forgery_protection.rb', line 17

# Returns the endpoint used for CSRF verification, building it on first use.
#
# The value of `Controller.action(:index)` is cached in the module-level
# instance variable `@app`, so every later call returns the same object.
#
# NOTE(review): `Controller` is defined under this namespace but is not
# visible here; presumably it is the controller that performs the
# authenticity-token check. Confirm against its definition.
#
# @return [Object] whatever `Controller.action(:index)` returned
def self.app
  return @app if @app

  @app = Controller.action(:index)
end

.call(env) ⇒ Object


# File 'lib/gitlab/request_forgery_protection.rb', line 21

# Passes a Rack-style environment to the cached endpoint from {.app}.
#
# Nothing is rescued here: any exception raised by the endpoint reaches the
# caller unchanged.
#
# @param env [Hash] environment handed to the endpoint as-is
# @return [Object] the endpoint's return value
def self.call(env)
  rack_endpoint = app
  rack_endpoint.call(env)
end

.verified?(env) ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/gitlab/request_forgery_protection.rb', line 25

# Reports whether the request described by +env+ passes the CSRF check.
#
# Only three entries of the caller's environment are forwarded to {.call}:
# the request method, the Rack session, and the `X-CSRF-Token` header.
# The request body is replaced by an empty string. A token sent any other
# way (form field, query string) is therefore never seen by the check,
# because neither the body nor the query string is in the reduced env.
#
# NOTE(review): this relies on the endpoint raising
# ActionController::InvalidAuthenticityToken on a failed check; the
# controller is not visible here, so confirm it is configured to raise.
#
# @param env [Hash] Rack environment of the request (must respond to #slice)
# @return [Boolean] true when the endpoint ran without raising
#   ActionController::InvalidAuthenticityToken, false when it raised it;
#   any other exception propagates to the caller
def self.verified?(env)
  csrf_keys = %w[REQUEST_METHOD rack.session HTTP_X_CSRF_TOKEN]
  stripped_env = env.slice(*csrf_keys)
  # Drop the original body so the endpoint never reads caller-supplied input.
  stripped_env = stripped_env.merge('rack.input' => '')
  call(stripped_env)
rescue ActionController::InvalidAuthenticityToken
  false
else
  true
end