Skip to content
Snippets Groups Projects
Commit 3f0e1ce9 authored by Zhiyuan Lu's avatar Zhiyuan Lu
Browse files

Use env.dup to avoid changing env

parent fd327f6f
1 merge request!147445Fix: normal request is considered a "unauthenticated" request
......@@ -31,11 +31,10 @@ def self.call(env)
end
def self.verified?(env)
minimal_env = env.slice('REQUEST_METHOD', 'rack.session', 'HTTP_X_CSRF_TOKEN')
.merge('rack.input' => '')
minimal_env = env.slice('REQUEST_METHOD', 'rack.session', 'HTTP_X_CSRF_TOKEN', 'rack.input')
# TODO: Need to add some explanation
minimal_env['HTTP_X_CSRF_TOKEN'] ||= Rack::Request.new(env).params['authenticity_token']
minimal_env['HTTP_X_CSRF_TOKEN'] ||= Rack::Request.new(minimal_env).params['authenticity_token']
call(minimal_env)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment