neopoly · rrrene · Apr 7, 2016 · Apr 7, 2016 · Apr 7, 2016 · splattael
diff --git a/lib/facebook_canvas/engine.rb b/lib/facebook_canvas/engine.rb
@@ -1,8 +1,11 @@
 module FacebookCanvas
   class Engine < ::Rails::Engine
+    DEFAULT_SERVER_REGEX = /.*/
+    DEFAULT_CUSTOM_FILTER = proc { |_env| true }
+
     initializer "FacebookCanvas.middleware" do |app|
-      server_name = FacebookCanvas.server_name || /.*/
-      custom_filter = FacebookCanvas.custom_filter || proc { |_env| true }
+      server_name = FacebookCanvas.server_name || DEFAULT_SERVER_REGEX
+      custom_filter = FacebookCanvas.custom_filter || DEFAULT_CUSTOM_FILTER
       app.config.middleware.use FacebookCanvas::Middleware, server_name, custom_filter
 
       ApplicationController.prepend FacebookCanvas::Helpers

diff --git a/lib/facebook_canvas/middleware.rb b/lib/facebook_canvas/middleware.rb
@@ -20,7 +20,7 @@ def initialize(app, request_host, custom_filter)
 
     # Forces REQUEST_METHOD to GET if required.
     def call(env)
-      if matches_server_name?(env) && was_get_request?(env) && !was_xhr_request?(env) && custom_filter?(env)
+      if matches_server_name?(env) && was_get_request?(env) && !xhr_request?(env) && custom_filter?(env)
         env["REQUEST_METHOD"] = "GET"
       end
       @app.call env
@@ -33,11 +33,18 @@ def matches_server_name?(env)
     end
 
     def was_get_request?(env)
+      !submitted_via_rails_form?(env)
+    end
+
+    # We assume that Rails inserts a hidden parameter called `utf8` for all non
+    # GET requests.
+    def submitted_via_rails_form?(env)
       form_hash = env["rack.request.form_hash"] || {}
-      !form_hash["utf8"]
+      form_hash["utf8"]
     end
 
-    def was_xhr_request?(env)
+    # XHR requests generated by JavaScript should be left alone
+    def xhr_request?(env)
       env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
     end