Ruby: CSRF protection for Grape


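Foreword: This article was compiled by the editors of 小常识网 (cha138.com). It mainly covers CSRF protection for Grape in Ruby, and we hope it is of some reference value to you.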

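```ruby
# based on http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html

require 'securerandom'

module Auth
  extend ActiveSupport::Concern

  included do
    helpers do
      # Rack session; a session middleware must run in front of the API.
      def session
        env['rack.session']
      end

      # Reject the request unless it passes the CSRF check.
      def protect_against_forgery
        unless verified_request?
          error!('Unauthorized', 401)
        end
      end

      # GET and HEAD are treated as safe. Any other method must send the
      # session token in the CSRF header (both spellings are checked).
      def verified_request?
        !protect_against_forgery? || request.get? || request.head? ||
          valid_authenticity_token?(request.headers['X-CSRF-Token']) ||
          valid_authenticity_token?(request.headers['X-Csrf-Token'])
      end

      # Constant-time comparison, so response timing does not leak how much
      # of a guessed token matched. A missing header never matches.
      def valid_authenticity_token?(token)
        token.is_a?(String) &&
          Rack::Utils.secure_compare(form_authenticity_token, token)
      end

      # Per-session token, generated on first use.
      def form_authenticity_token
        session[:_csrf_token] ||= SecureRandom.base64(32)
      end

      # Follows the Rails setting; protection is on unless explicitly disabled.
      def protect_against_forgery?
        allow_forgery_protection = Rails.configuration.action_controller.allow_forgery_protection
        allow_forgery_protection.nil? || allow_forgery_protection
      end
    end
  end
end

class Controller < Grape::API
  include Auth

  # Run the CSRF check before every endpoint.
  before do
    protect_against_forgery
  end

  resource :something do
    # ...
  end
end
```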
 
