Class: Pakyow::Security::CSRF::VerifyAuthenticityToken

Inherits:
Base
  • Object
Defined in:
lib/pakyow/security/csrf/verify_authenticity_token.rb

Overview

Protects against Cross-Site Request Forgery (CSRF). www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Requires a valid token be passed as a request parameter. The token consists of a client id (unique to the request) and a digest generated from the client id and the server id stored in the session.

See Also:

  • Pakyow::Support::MessageVerifier

Constant Summary

Constants inherited from Base

Base::SAFE_HTTP_METHODS

Instance Method Summary

Methods inherited from Base

#call, #initialize, #reject, #safe?

Constructor Details

This class inherits a constructor from Pakyow::Security::Base

Instance Method Details

#allowed?(connection) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pakyow/security/csrf/verify_authenticity_token.rb', line 20

def allowed?(connection)
  # Pass the value of the configured CSRF request parameter to the connection's verifier.
  connection.verifier.verify(connection.params[connection.app.config.security.csrf.param])
end
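
Added example (not Pakyow's code): a sketch of the token scheme the Overview describes, a client id plus a digest derived from the client id and the per-session server id. The `CsrfTokenSketch` module, the `--` separator, and the choice of HMAC-SHA256 are assumptions; Pakyow::Support::MessageVerifier may work differently.

```ruby
require "openssl"
require "securerandom"

# Hypothetical names throughout; this is not Pakyow's implementation.
module CsrfTokenSketch
  SEPARATOR = "--" # assumed token layout: "<client id>--<digest>"

  # Server id: a per-session secret that stays in the session store.
  def self.new_server_id
    SecureRandom.hex(32)
  end

  # Issue a token: a fresh client id plus an HMAC of it keyed by the server id.
  def self.issue(server_id)
    client_id = SecureRandom.hex(16) # hex, so it can never contain SEPARATOR
    "#{client_id}#{SEPARATOR}#{digest(client_id, server_id)}"
  end

  # True only for a well-formed token whose digest matches this session.
  def self.valid?(token, server_id)
    return false unless token.is_a?(String) && server_id.is_a?(String)

    client_id, sent_digest = token.split(SEPARATOR, 2)
    return false if client_id.to_s.empty? || sent_digest.to_s.empty?

    secure_compare(sent_digest, digest(client_id, server_id))
  end

  def self.digest(client_id, server_id)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), server_id, client_id)
  end

  # Constant-time comparison so response timing does not reveal how many
  # leading characters of a forged digest were correct.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A token issued for one session fails verification in any other session because the digest is keyed by that session's server id, and a missing or malformed parameter is rejected rather than raising.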