module ActionController::HttpAuthentication::Basic::ControllerMethods::ClassMethods
def http_basic_authenticate_with(options = {})
def http_basic_authenticate_with(options = {}) before_action(options.except(:name, :password, :realm)) do authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password| # This comparison uses & so that it doesn't short circuit and # uses `secure_compare` so that length information # isn't leaked. ActiveSupport::SecurityUtils.secure_compare(name, options[:name]) & ActiveSupport::SecurityUtils.secure_compare(password, options[:password]) end end end