69fc0e1b5e
This merges in the code from the breach-mitigation-rails gem that masks authenticity tokens on each request by XORing them with a random set of bytes. The masking is used to make it impossible for an attacker to steal a CSRF token from an SSL session by using techniques like the BREACH attack. The patch is pretty simple - I've copied over the [relevant code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb) and updated the tests to pass, mostly by adjusting stubs and mocks.
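The masking scheme the commit message describes, as an added sketch that is not the gem's or the patch's own code: a fresh random pad is generated per response and sent alongside `pad XOR secret`, so the bytes in the compressed body differ on every request while the server can still recover and check the session secret. The names `mask_token`, `unmask_token` and `valid_token?`, the 32-byte token length and the Base64 wire format are assumptions made for this illustration.

```ruby
require "securerandom"

TOKEN_LENGTH = 32 # bytes; assumed size of the per-session CSRF secret

# XOR two equal-length binary strings byte by byte.
def xor_bytes(a, b)
  raise ArgumentError, "length mismatch" unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Compare without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Build the value embedded in a response: pad || (pad XOR secret),
# Base64-encoded ("m0" is strict Base64 without line breaks).
def mask_token(raw_token)
  pad = SecureRandom.random_bytes(raw_token.bytesize)
  [pad + xor_bytes(pad, raw_token)].pack("m0")
end

# Recover the secret from a submitted value; nil when it is malformed.
def unmask_token(encoded)
  data = encoded.to_s.unpack1("m0") # raises ArgumentError on bad Base64
  return nil unless data.bytesize == TOKEN_LENGTH * 2
  pad = data.byteslice(0, TOKEN_LENGTH)
  xor_bytes(pad, data.byteslice(TOKEN_LENGTH, TOKEN_LENGTH))
rescue ArgumentError
  nil
end

# Server-side check of a submitted token against the session secret.
def valid_token?(session_token, submitted)
  unmasked = unmask_token(submitted)
  !unmasked.nil? && secure_compare(unmasked, session_token)
end

# Constructed sample: one session secret, two responses.
secret = SecureRandom.random_bytes(TOKEN_LENGTH)
first, second = mask_token(secret), mask_token(secret)
puts "responses differ: #{first != second}"
puts "both verify:      #{valid_token?(secret, first) && valid_token?(secret, second)}"
```

Malformed or truncated submissions are rejected rather than raising, so the check can sit directly in a request filter.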