From fac9f3c369e08e1bdae17d737ab42e1288ef2620 Mon Sep 17 00:00:00 2001 From: Rosa Gutierrez Date: Tue, 25 Nov 2025 21:07:51 +0100 Subject: [PATCH] Clean up a little bit the CSRF reporting code Small follow-up to https://github.com/basecamp/fizzy/pull/1721 --- .../concerns/request_forgery_protection.rb | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/app/controllers/concerns/request_forgery_protection.rb b/app/controllers/concerns/request_forgery_protection.rb index b3ca6ceed..682e88a7d 100644 --- a/app/controllers/concerns/request_forgery_protection.rb +++ b/app/controllers/concerns/request_forgery_protection.rb @@ -33,12 +33,12 @@ module RequestForgeryProtection end def report_on_forgery_protection_results(origin:, token:, sec_fetch_site:) - unless [ origin, token, sec_fetch_site ].all? - info = { - origin: "#{pass_or_fail_value(origin)} (#{request.origin})", - token: "#{pass_or_fail_value(token)}", - sec_fetch_site: "#{pass_or_fail_value(sec_fetch_site)} (#{safe_fetch_site_value})" - } + results = { origin:, token:, sec_fetch_site: } + + unless results.values.all? + info = results.transform_values { it ? "pass" : "fail" } + info[:origin] += " (#{request.origin})" + info[:sec_fetch_site] += " (#{safe_fetch_site_value})" Rails.logger.info "CSRF protection check: " + info.map { it.join(" ") }.join(", ") @@ -47,8 +47,4 @@ module RequestForgeryProtection end end end - - def pass_or_fail_value(result) - result ? "pass" : "fail" - end end