📝 Source code
# File actionpack/lib/action_controller/metal/http_authentication.rb, line 71
def http_basic_authenticate_with(options = {})
before_action(options.except(:name, :password, :realm)) do
authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
# This comparison uses & so that it doesn't short circuit and
# uses `secure_compare` so that length information
# isn't leaked.
ActiveSupport::SecurityUtils.secure_compare(name, options[:name]) &
ActiveSupport::SecurityUtils.secure_compare(password, options[:password])
end
end
end
🔎 See on GitHub