I am trying to implement Csrf_protection for faye pub/sub chat app
(tutorial is here: Faye: Simple pub/sub messaging for the web)
class CsrfProtection
def incoming(message, request, callback)
session_token = request.session[‘_csrf_token’]
message_token = message[‘ext’] && message[‘ext’].delete(‘csrfToken’)
byebug
unless session_token == message_token
message[‘error’] = ‘401::Access denied’
end
callback.call(message)
end
end
The idea is that