From bf067b41e58409240a0370993069eb8820ca12a6 Mon Sep 17 00:00:00 2001
From: Ville Lautanala <lautis@gmail.com>
Date: Thu, 12 Feb 2015 22:24:45 +0200
Subject: Handle non-string authenticity tokens

Non-string authenticity tokens raised NoMethodError when decoding the
masked token.
---
 actionpack/lib/action_controller/metal/request_forgery_protection.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 7facbe79aa..7a7e2431b2 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -279,7 +279,7 @@ module ActionController #:nodoc:
 
         begin
           masked_token = Base64.strict_decode64(encoded_masked_token)
-        rescue ArgumentError # encoded_masked_token is invalid Base64
+        rescue ArgumentError, NoMethodError # encoded_masked_token is invalid Base64
           return false
         end
 
-- 
cgit v1.2.3