Clean up a little bit the CSRF reporting code

Small follow-up to https://github.com/basecamp/fizzy/pull/1721
This commit is contained in:
Rosa Gutierrez
2025-11-25 21:07:51 +01:00
committed by Rosa Gutierrez
parent 525efb2de8
commit fac9f3c369
@@ -33,12 +33,12 @@ module RequestForgeryProtection
end
def report_on_forgery_protection_results(origin:, token:, sec_fetch_site:)
unless [ origin, token, sec_fetch_site ].all?
info = {
origin: "#{pass_or_fail_value(origin)} (#{request.origin})",
token: "#{pass_or_fail_value(token)}",
sec_fetch_site: "#{pass_or_fail_value(sec_fetch_site)} (#{safe_fetch_site_value})"
}
results = { origin:, token:, sec_fetch_site: }
unless results.values.all?
info = results.transform_values { it ? "pass" : "fail" }
info[:origin] += " (#{request.origin})"
info[:sec_fetch_site] += " (#{safe_fetch_site_value})"
Rails.logger.info "CSRF protection check: " + info.map { it.join(" ") }.join(", ")
@@ -47,8 +47,4 @@ module RequestForgeryProtection
end
end
end
def pass_or_fail_value(result)
result ? "pass" : "fail"
end
end