I am trying to implement Csrf_protection for faye pub/sub chat app
(tutorial is here: http://faye.jcoglan.com/security/csrf.html)
class CsrfProtection
def incoming(message, request, callback)
session_token = request.session[’_csrf_token’]
message_token = message[‘ext’] && message[‘ext’].delete(‘csrfToken’)
byebug
unless session_token == message_token
message[‘error’] = ‘401::Access denied’
end
callback.call(message)
end
end
The idea is that