Block invalid requests instead of raising error

jkowens · jkowens · commit 759a8eb21e26 · 2022-02-02T15:44:35.000-05:00
diff --git a/rack-protection/lib/rack/protection/authenticity_token.rb b/rack-protection/lib/rack/protection/authenticity_token.rb
@@ -112,6 +112,8 @@ def accepts?(env)
           valid_token?(env, env['HTTP_X_CSRF_TOKEN']) ||
           valid_token?(env, Request.new(env).params[options[:authenticity_param]]) ||
           ( options[:allow_if] && options[:allow_if].call(env) )
+      rescue
+        false
       end
 
       def mask_authenticity_token(session, path: nil, method: :post)
