Block invalid requests instead of raising error

sinatra · Feb 2, 2022 · 759a8eb · 759a8eb
1 parent f6cee1c
commit 759a8eb
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/rack-protection/lib/rack/protection/authenticity_token.rb b/rack-protection/lib/rack/protection/authenticity_token.rb
@@ -112,6 +112,8 @@ def accepts?(env)
           valid_token?(env, env['HTTP_X_CSRF_TOKEN']) ||
           valid_token?(env, Request.new(env).params[options[:authenticity_param]]) ||
           ( options[:allow_if] && options[:allow_if].call(env) )
+      rescue
+        false
       end
 
       def mask_authenticity_token(session, path: nil, method: :post)