From 53596dd3a782175fe89c42d8ad81f4a4c1ec6384 Mon Sep 17 00:00:00 2001 From: Morgan Aubert Date: Sun, 27 Oct 2024 09:06:43 -0400 Subject: [PATCH] Fix QA issue --- .../handlers/concerns/request_forgery_protection_spec.cr | 4 ++-- src/marten/handlers/concerns/request_forgery_protection.cr | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/spec/marten/handlers/concerns/request_forgery_protection_spec.cr b/spec/marten/handlers/concerns/request_forgery_protection_spec.cr index b19f15698..1fe6edeff 100644 --- a/spec/marten/handlers/concerns/request_forgery_protection_spec.cr +++ b/spec/marten/handlers/concerns/request_forgery_protection_spec.cr @@ -111,7 +111,7 @@ describe Marten::Handlers::RequestForgeryProtection do response.status.should eq 200 end - it "allows #{unsafe_method} requests if the csrftoken data parameter is specified and matches the CSRF token cookie" do + it "allows #{unsafe_method} requests if the csrftoken data parameter matches the CSRF token cookie" do token = Marten::Handlers::RequestForgeryProtectionSpec::EXAMPLE_MASKED_SECRET_1 raw_request = ::HTTP::Request.new( @@ -130,7 +130,7 @@ describe Marten::Handlers::RequestForgeryProtection do response.status.should eq 200 end - it "allows #{unsafe_method} requests if the csrftoken data parameter is specified and matches the sessions CSRF token" do + it "allows #{unsafe_method} requests if the csrftoken data parameter matches the sessions CSRF token" do session_store = Marten::HTTP::Session::Store::Cookie.new("sessionkey") Marten.settings.csrf.use_session = true diff --git a/src/marten/handlers/concerns/request_forgery_protection.cr b/src/marten/handlers/concerns/request_forgery_protection.cr index 2b3091c81..372cd9da8 100644 --- a/src/marten/handlers/concerns/request_forgery_protection.cr +++ b/src/marten/handlers/concerns/request_forgery_protection.cr @@ -194,7 +194,6 @@ module Marten return reject("CSRF token is missing") end - request_csrf_token = nil request_csrf_token = request.data.fetch(CSRF_TOKEN_REQUEST_DATA_NAME, nil) request_csrf_token = request.headers[CSRF_TOKEN_HEADER_NAME]? if request_csrf_token.nil?