diff options
| author | Hrvoje Šimić <shime@twobucks.co> | 2017-03-11 14:17:44 +0100 |
|---|---|---|
| committer | Hrvoje Šimić <shime@twobucks.co> | 2017-03-12 15:59:40 +0100 |
| commit | b383b346600d5325a211376837bc83b7ae472f46 (patch) | |
| tree | ce3ca544d577f7f23f80975c215a13ff7c9fd3fd /actionpack/lib/action_controller/metal/request_forgery_protection.rb | |
| parent | 2e752d18b37498cfaa204567342edfc79783edcb (diff) | |
| download | rails-b383b346600d5325a211376837bc83b7ae472f46.tar.gz rails-b383b346600d5325a211376837bc83b7ae472f46.tar.bz2 rails-b383b346600d5325a211376837bc83b7ae472f46.zip | |
[docs] fix ActionController documentation
[ci skip]
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index e8965a6561..d9a8b9c12d 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -262,9 +262,9 @@ module ActionController #:nodoc: # Returns true or false if a request is verified. Checks: # - # * Is it a GET or HEAD request? Gets should be safe and idempotent + # * Is it a GET or HEAD request? GETs should be safe and idempotent # * Does the form_authenticity_token match the given token value from the params? - # * Does the X-CSRF-Token header match the form_authenticity_token + # * Does the X-CSRF-Token header match the form_authenticity_token? def verified_request? # :doc: !protect_against_forgery? || request.get? || request.head? || (valid_request_origin? && any_authenticity_token_valid?) @@ -327,7 +327,7 @@ module ActionController #:nodoc: if masked_token.length == AUTHENTICITY_TOKEN_LENGTH # This is actually an unmasked token. This is expected if # you have just upgraded to masked tokens, but should stop - # happening shortly after installing this gem + # happening shortly after installing this gem. compare_with_real_token masked_token, session elsif masked_token.length == AUTHENTICITY_TOKEN_LENGTH * 2 @@ -336,13 +336,13 @@ module ActionController #:nodoc: compare_with_real_token(csrf_token, session) || valid_per_form_csrf_token?(csrf_token, session) else - false # Token is malformed + false # Token is malformed. end end def unmask_token(masked_token) # :doc: # Split the token into the one-time pad and the encrypted - # value and decrypt it + # value and decrypt it. one_time_pad = masked_token[0...AUTHENTICITY_TOKEN_LENGTH] encrypted_csrf_token = masked_token[AUTHENTICITY_TOKEN_LENGTH..-1] xor_byte_strings(one_time_pad, encrypted_csrf_token) |