diff options
author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2014-10-23 11:00:30 -0300 |
---|---|---|
committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2014-10-23 14:54:17 -0300 |
commit | 0073d274de5bf3894f6da27f798238908eed43b5 (patch) | |
tree | 41b100d6a7310f2efc0c7d5efc251436d7253461 /actionpack | |
parent | 4b11dea3917f2101d7125a967877abf19c36317a (diff) | |
download | rails-0073d274de5bf3894f6da27f798238908eed43b5.tar.gz rails-0073d274de5bf3894f6da27f798238908eed43b5.tar.bz2 rails-0073d274de5bf3894f6da27f798238908eed43b5.zip |
Use AS secure_compare for CSRF token comparison
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index a4f376816f..fd20682f8f 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -1,5 +1,6 @@ require 'rack/session/abstract/id' require 'action_controller/metal/exceptions' +require 'active_support/security_utils' module ActionController #:nodoc: class InvalidAuthenticityToken < ActionControllerError #:nodoc: @@ -305,8 +306,7 @@ module ActionController #:nodoc: end def compare_with_real_token(token, session) - # Borrow a constant-time comparison from Rack - Rack::Utils.secure_compare(token, real_csrf_token(session)) + ActiveSupport::SecurityUtils.secure_compare(token, real_csrf_token(session)) end def real_csrf_token(session) |