Merge pull request #2 from kobsy/dup-env

Avoid modifying POST params on env while checking for CSRF token
cookpad · Jun 4, 2019 · fc0d864 · fc0d864
2 parents b377533 + 08d506c
commit fc0d864
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/omniauth/rails_csrf_protection/token_verifier.rb b/lib/omniauth/rails_csrf_protection/token_verifier.rb
@@ -28,7 +28,7 @@ class TokenVerifier
       end
 
       def call(env)
-        @request = ActionDispatch::Request.new(env)
+        @request = ActionDispatch::Request.new(env.dup)
 
         unless verified_request?
           raise ActionController::InvalidAuthenticityToken