Commit 759a8eb

Block invalid requests instead of raising error
1 parent f6cee1c commit 759a8eb

1 file changed: +2 -0 lines changed

rack-protection/lib/rack/protection/authenticity_token.rb

Lines changed: 2 additions & 0 deletions
@@ -112,6 +112,8 @@ def accepts?(env)
112112
valid_token?(env, env['HTTP_X_CSRF_TOKEN']) ||
113113
valid_token?(env, Request.new(env).params[options[:authenticity_param]]) ||
114114
( options[:allow_if] && options[:allow_if].call(env) )
115+
rescue
116+
false
115117
end
116118

117119
def mask_authenticity_token(session, path: nil, method: :post)
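
Review bot: The bare `rescue` at the end of `accepts?` is method-level, so it covers every expression in the body, not only the `Request.new(env).params[...]` lookup that malformed input reaches. An exception raised inside a user-supplied `options[:allow_if].call(env)` callback, or a genuine bug in `valid_token?`, is now silently turned into `false` and the request is rejected with nothing recorded. Failing closed is the right default for a CSRF check and matches the commit message, but the rescue should be narrowed to the error classes that parameter parsing raises for invalid requests, or at least the exception should be logged before `false` is returned, so that a broken callback stays distinguishable from a blocked request. The commit changes one file only; a spec that sends a request with unparseable parameters and asserts it is blocked would pin the intended behaviour.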
