Check for nil response on JsonCsrf protection #52

Merged
merged 2 commits into from Apr 8, 2013

bugant commented Apr 8, 2013

Some reactions do not return a response, think for example drop_session. In that case a nil response will be returned where a rack tuple is expected.

This should fix issue #50

bugant added some commits Apr 8, 2013

Add regression test for issue #50
Running specs you get

Failures:

  1) Rack::Protection::JsonCsrf with drop_session as default reaction reset the session
     Failure/Error: get('/', {}, 'HTTP_REFERER' => 'http://evil.com', 'rack.session' => session)
     NoMethodError:
       undefined method `detect' for nil:NilClass
     # ./lib/rack/protection/base.rb:107:in `html?'
     # ./lib/rack/protection/frame_options.rb:32:in `call'
     # ./spec/json_csrf_spec.rb:54:in `block (3 levels) in <top (required)>'

FIX: check for nil response on JsonCsrf protection
Some reactions do not return a response, think for example drop_session. In that case a nil response
would be returned, see issue #50.

rkh added a commit that referenced this pull request Apr 8, 2013

Merge pull request #52 from bugant/master
Check for nil response on JsonCsrf protection

@rkh rkh merged commit 7c4b33b into sinatra:master Apr 8, 2013
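
The failure mode discussed in this pull request, as an added example that is not rack-protection's code and not part of the thread: a toy middleware pair in which a reaction returning nil breaks the outer middleware, next to a guarded variant. `ToyJsonCsrf`, `ToyHeaderInspector`, `run_stack`, the `guard:` flag, the host `example.org` and the session contents are assumptions made for illustration.

```ruby
# Added example: toy Rack-style middleware, not rack-protection's source.
# Class names, HTTP_HOST and the session contents are constructed.
JSON_APP = ->(_env) { [200, { 'Content-Type' => 'application/json' }, ['{"a":1}']] }

# Stand-in for a JSON CSRF check whose reaction returns no response.
class ToyJsonCsrf
  def initialize(app, guard:)
    @app = app
    @guard = guard
  end

  # Modelled on the drop_session described above: side effect only, returns nil.
  def drop_session(env)
    env['rack.session'].clear
    nil
  end

  def call(env)
    status, headers, body = @app.call(env)
    same_site = env['HTTP_REFERER'].to_s.start_with?("http://#{env['HTTP_HOST']}/")
    return [status, headers, body] if same_site || headers['Content-Type'] !~ /json/
    result = drop_session(env)
    # Unguarded: nil goes up the stack. Guarded: fall back to the app's tuple.
    @guard ? (result || [status, headers, body]) : result
  end
end

# Stand-in for an outer middleware that inspects the response headers.
class ToyHeaderInspector
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env) # a nil response yields three nils
    type = headers.detect { |k, _| k.casecmp('Content-Type').zero? }.to_a.last.to_s
    headers = headers.merge('X-Frame-Options' => 'SAMEORIGIN') if type.include?('html')
    [status, headers, body]
  end
end

# Sends one constructed cross-site request through both middlewares.
def run_stack(guard:)
  env = { 'HTTP_HOST' => 'example.org', 'HTTP_REFERER' => 'http://evil.com',
          'rack.session' => { 'user' => 'alice' } }
  { response: ToyHeaderInspector.new(ToyJsonCsrf.new(JSON_APP, guard: guard)).call(env),
    session: env['rack.session'] }
rescue NoMethodError => e
  { error: e.class, session: env['rack.session'] }
end
```

In both variants the session is cleared; only the guarded one hands a valid tuple to the middleware above it.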

1 check passed

default The Travis build passed

danp commented Apr 30, 2013

Have any plans for a release including this? It'd let me get back to not needing to list rack-protection in my Gemfile which I'd appreciate. 😎

zzak pushed a commit that referenced this pull request Aug 12, 2016

Merge pull request #52 from bugant/master
Check for nil response on JsonCsrf protection