Check for nil response on JsonCsrf protection #52

Merged
merged 2 commits into from Apr 8, 2013

@bugant
Contributor
bugant commented Apr 8, 2013

Some reactions do not return a response; think, for example, of drop_session. In that case a nil response will be returned where a Rack tuple is expected.

This should fix issue #50

bugant added some commits Apr 8, 2013
@bugant bugant Add regression test for issue #50
Running specs you get

Failures:

  1) Rack::Protection::JsonCsrf with drop_session as default reaction reset the session
     Failure/Error: get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
     NoMethodError:
       undefined method `detect' for nil:NilClass
     # ./lib/rack/protection/base.rb:107:in `html?'
     # ./lib/rack/protection/frame_options.rb:32:in `call'
     # ./spec/json_csrf_spec.rb:54:in `block (3 levels) in <top (required)>'
d1f0300
@bugant bugant FIX: check for nil response on JsonCsrf protection
Some reactions do not return a response; think, for example, of drop_session. In that case a nil response
would be returned, see issue #50.
eb7e4c9
@rkh rkh merged commit 7c4b33b into sinatra:master Apr 8, 2013
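
The failure mode discussed in this pull request, as an added Ruby sketch that is not part of the PR and not rack-protection's own code: a protection layer whose reaction yields nil hands that nil to the next middleware, which then fails while reading the headers, as in the spec failure quoted above. The names `JsonCsrfSketch`, `header_inspector` and `run_stack`, the simplified referrer check, and the sample request are assumptions made for illustration.

```ruby
# Added sketch; all names are hypothetical, not rack-protection's. No rack gem is
# needed: a Rack app is any object whose #call(env) returns [status, headers, body].
JSON_APP = ->(_env) { [200, { 'Content-Type' => 'application/json' }, ['{"ok":true}']] }

class JsonCsrfSketch
  def initialize(app, guard_nil:)
    @app = app
    @guard_nil = guard_nil
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless suspicious?(env, headers)
    result = drop_session(env)         # this reaction produces no response
    return result unless @guard_nil    # unguarded: nil leaks to the caller
    result || [status, headers, body]  # guarded: fall back to the app's tuple
  end

  # Simplified stand-in for the real check: JSON body plus a foreign referrer.
  def suspicious?(env, headers)
    referrer = env['HTTP_REFERER'].to_s
    headers['Content-Type'].to_s.start_with?('application/json') &&
      !referrer.empty? && !referrer.include?(env['HTTP_HOST'].to_s)
  end

  def drop_session(env)
    env['rack.session'].clear
    nil # modelled on the PR description: no Rack tuple comes back
  end
end

# Stands in for any outer middleware that inspects the response headers.
def header_inspector(app)
  lambda do |env|
    status, headers, body = app.call(env) # a nil response becomes three nils
    headers.detect { |name, _| name.casecmp?('content-type') }
    [status, headers, body]
  end
end

# Constructed request: cross-site referrer plus a populated session.
def run_stack(guard_nil:)
  session = { 'user' => 'alice' }
  env = { 'HTTP_HOST' => 'example.org', 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session }
  status, = header_inspector(JsonCsrfSketch.new(JSON_APP, guard_nil: guard_nil)).call(env)
  [status, session.empty?]
rescue NoMethodError => e
  [e.class, session.empty?]
end
```

In both runs the session is cleared; only the guarded variant still returns a valid response to the rest of the stack.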

1 check passed

default The Travis build passed
@danp
danp commented Apr 30, 2013

Have any plans for a release including this? It'd let me get back to not needing to list rack-protection in my Gemfile which I'd appreciate. 😎
