Plugin::AntiCsrf: fix error handling

diff --git a/src/newslash_web/lib/Newslash/Plugin/AntiCsrf.pm b/src/newslash_web/lib/Newslash/Plugin/AntiCsrf.pm
index de7473b..36bfc47 100644 (file)
--- a/src/newslash_web/lib/Newslash/Plugin/AntiCsrf.pm
+++ b/src/newslash_web/lib/Newslash/Plugin/AntiCsrf.pm
@@ -77,6 +77,7 @@ sub register {
                    my $session = $c->session('session');
                    if (!$token || !$self->validate_token($token, $check_id, $session->{token})) {
                        my $url = $c->url_for();
+                       $token ||= "";
                        $c->app->log->debug("invalid csrf_token: $token for: $url");
                        # validation error
                        $c->render(json => { error => 1, reason => "invalid_csrf_token", message => "AntiCsrf: validation error" });