Merge pull request #22263 from mastahyeti/csrf-origin-check

Add option to verify Origin header in CSRF checks [Jeremy Daer + Rafael Mendonça França]
author: Rafael França <rafaelmfranca@gmail.com> 2015-11-26 14:23:50 -0200
committer: Rafael França <rafaelmfranca@gmail.com> 2015-11-26 14:23:50 -0200
commit: e1e6499ede1dd196c03f650b95c3a0098c7c32ff (patch)
tree: 934b91cfbf3950483900976f42dd827e90edf5a0 /actionpack/lib/action_dispatch
parent: d25205241b4f8d38b8ab106ffc1c465a8a697415 (diff)
parent: 85783534fcf1baefa5b502a2bfee235ae6d612d7 (diff)
download: rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.gz
rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.bz2
rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index bd0f38953a..3280799647 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -36,8 +36,8 @@ module ActionDispatch
         HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
         HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
         HTTP_NEGOTIATE HTTP_PRAGMA HTTP_CLIENT_IP
-        HTTP_X_FORWARDED_FOR HTTP_VERSION
-        HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
+        HTTP_X_FORWARDED_FOR HTTP_ORIGIN HTTP_VERSION
+        HTTP_X_CSRF_TOKEN HTTP_X_REQUEST_ID HTTP_X_FORWARDED_HOST
         SERVER_ADDR
         ].freeze
author	Rafael França <rafaelmfranca@gmail.com>	2015-11-26 14:23:50 -0200
committer	Rafael França <rafaelmfranca@gmail.com>	2015-11-26 14:23:50 -0200
commit	e1e6499ede1dd196c03f650b95c3a0098c7c32ff (patch)
tree	934b91cfbf3950483900976f42dd827e90edf5a0 /actionpack/lib/action_dispatch
parent	d25205241b4f8d38b8ab106ffc1c465a8a697415 (diff)
parent	85783534fcf1baefa5b502a2bfee235ae6d612d7 (diff)
download	rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.gz rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.tar.bz2 rails-e1e6499ede1dd196c03f650b95c3a0098c7c32ff.zip