Class: ActionController::RequestForgeryProtection::CookieStore

Inherits:
Object
  • Object
show all
Defined in:
actionpack/lib/action_controller/metal/request_forgery_protection.rb

Instance Method Summary collapse

Constructor Details

#initialize(cookie = :csrf_token) ⇒ CookieStore

Returns a new instance of CookieStore.



447
448
449
 
# File 'actionpack/lib/action_controller/metal/request_forgery_protection.rb', line 447

def initialize(cookie = :csrf_token)
  @cookie_name = cookie
end

Instance Method Details

#fetch(request) ⇒ Object 



451
452
453
454
455
456
457
458
459
460
461
 
# File 'actionpack/lib/action_controller/metal/request_forgery_protection.rb', line 451

def fetch(request)
  contents = request.cookie_jar.encrypted[@cookie_name]
  return nil if contents.nil?

  value = JSON.parse(contents)
  return nil unless value.dig("session_id", "public_id") == request.session.id_was&.public_id

  value["token"]
rescue JSON::ParserError
  nil
end

#reset(request) ⇒ Object 



474
475
476
 
# File 'actionpack/lib/action_controller/metal/request_forgery_protection.rb', line 474

def reset(request)
  request.cookie_jar.delete(@cookie_name)
end

#store(request, csrf_token) ⇒ Object 



463
464
465
466
467
468
469
470
471
472
 
# File 'actionpack/lib/action_controller/metal/request_forgery_protection.rb', line 463

def store(request, csrf_token)
  request.cookie_jar.encrypted.permanent[@cookie_name] = {
    value: {
      token: csrf_token,
      session_id: request.session.id,
    }.to_json,
    httponly: true,
    same_site: :lax,
  }
end