diff options
author | Bradley Buda <bradleybuda@gmail.com> | 2014-08-19 14:29:26 -0700 |
---|---|---|
committer | Bradley Buda <bradleybuda@gmail.com> | 2014-08-19 15:28:07 -0700 |
commit | 69fc0e1b5e6a3227576d67587c386142ef65854e (patch) | |
tree | 252a9f1cf5badc0945eaed8abbbb94c5c0a44700 /actionpack/lib/action_pack.rb | |
parent | 4751a8c51ff4b9766dcf8324347477095b7f940d (diff) | |
download | rails-69fc0e1b5e6a3227576d67587c386142ef65854e.tar.gz rails-69fc0e1b5e6a3227576d67587c386142ef65854e.tar.bz2 rails-69fc0e1b5e6a3227576d67587c386142ef65854e.zip |
Auth token mask from breach-mitigation-rails gem
This merges in the code from the breach-mitigation-rails gem that masks
authenticity tokens on each request by XORing them with a random set of
bytes. The masking is used to make it impossible for an attacker to
steal a CSRF token from an SSL session by using techniques like the
BREACH attack.
The patch is pretty simple - I've copied over the [relevant
code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb)
and updated the tests to pass, mostly by adjusting stubs and mocks.
Diffstat (limited to 'actionpack/lib/action_pack.rb')
0 files changed, 0 insertions, 0 deletions