diff options
| -rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 8 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 10 |
2 files changed, 5 insertions, 13 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index 8def048178..6a55a61abe 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -139,7 +139,7 @@ module ActionController #:nodoc: request.session = NullSessionHash.new(request.env) request.env['action_dispatch.request.flash_hash'] = nil request.env['rack.session.options'] = { skip: true } - request.env['action_dispatch.cookies'] = NullCookieJar.build(request) + request.env['action_dispatch.cookies'] = NullCookieJar.build(request, {}) end protected @@ -160,12 +160,6 @@ module ActionController #:nodoc: end class NullCookieJar < ActionDispatch::Cookies::CookieJar #:nodoc: - def self.build(request) - host = request.host - - new(host, request) - end - def write(*) # nothing end diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 275e16c802..41c4523ecb 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -259,16 +259,14 @@ module ActionDispatch DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/ def self.build(req, cookies) - host = req.host - new(host, req).tap do |hash| + new(req).tap do |hash| hash.update(cookies) end end - def initialize(host = nil, request) + def initialize(request) @set_cookies = {} @delete_cookies = {} - @host = host @request = request @cookies = {} @committed = false @@ -318,12 +316,12 @@ module ActionDispatch # if host is not ip and matches domain regexp # (ip confirms to domain regexp so we explicitly check for ip) - options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ domain_regexp) + options[:domain] = if (@request.host !~ /^[\d.]+$/) && (@request.host =~ domain_regexp) ".#{$&}" end elsif options[:domain].is_a? Array # if host matches one of the supplied domains without a dot in front of it - options[:domain] = options[:domain].find {|domain| @host.include? domain.sub(/^\./, '') } + options[:domain] = options[:domain].find {|domain| @request.host.include? domain.sub(/^\./, '') } end end |