Module: Gitlab::RequestForgeryProtection

Defined in:: lib/gitlab/request_forgery_protection.rb

Defined Under Namespace

Class Method Summary collapse

.app ⇒ Object
.call(env) ⇒ Object
.verified?(env) ⇒ Boolean

Class Method Details

.app ⇒ `Object`


17
18
19

# File 'lib/gitlab/request_forgery_protection.rb', line 17

def self.app
  @app ||= Controller.action(:index)
end

.call(env) ⇒ `Object`


21
22
23

# File 'lib/gitlab/request_forgery_protection.rb', line 21

def self.call(env)
  app.call(env)
end

.verified?(env) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/gitlab/request_forgery_protection.rb', line 25

def self.verified?(env)
  minimal_env = env.slice('REQUEST_METHOD', 'rack.session', 'HTTP_X_CSRF_TOKEN')
                  .merge('rack.input' => '')
  call(minimal_env)

  true
rescue ActionController::InvalidAuthenticityToken
  false
end

Module: Gitlab::RequestForgeryProtection

Defined Under Namespace

Class Method Summary collapse

Class Method Details

.app ⇒ Object

.call(env) ⇒ Object

.verified?(env) ⇒ Boolean

.app ⇒ `Object`

.call(env) ⇒ `Object`

.verified?(env) ⇒ `Boolean`