Clean up a little bit the CSRF reporting code
Small follow-up to https://github.com/basecamp/fizzy/pull/1721
This commit is contained in:
committed by
Rosa Gutierrez
parent
525efb2de8
commit
fac9f3c369
@@ -33,12 +33,12 @@ module RequestForgeryProtection
|
||||
end
|
||||
|
||||
def report_on_forgery_protection_results(origin:, token:, sec_fetch_site:)
|
||||
unless [ origin, token, sec_fetch_site ].all?
|
||||
info = {
|
||||
origin: "#{pass_or_fail_value(origin)} (#{request.origin})",
|
||||
token: "#{pass_or_fail_value(token)}",
|
||||
sec_fetch_site: "#{pass_or_fail_value(sec_fetch_site)} (#{safe_fetch_site_value})"
|
||||
}
|
||||
results = { origin:, token:, sec_fetch_site: }
|
||||
|
||||
unless results.values.all?
|
||||
info = results.transform_values { it ? "pass" : "fail" }
|
||||
info[:origin] += " (#{request.origin})"
|
||||
info[:sec_fetch_site] += " (#{safe_fetch_site_value})"
|
||||
|
||||
Rails.logger.info "CSRF protection check: " + info.map { it.join(" ") }.join(", ")
|
||||
|
||||
@@ -47,8 +47,4 @@ module RequestForgeryProtection
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def pass_or_fail_value(result)
|
||||
result ? "pass" : "fail"
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user