I am trying to implement CSRF protection for a Faye pub/sub chat app
(the tutorial is here: http://faye.jcoglan.com/security/csrf.html)

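class CsrfProtection
  # Faye server extension hook: runs for every incoming message.
  def incoming(message, request, callback)
    # Token stored in the user's session
    session_token = request.session['_csrf_token']
    # Token sent by the client; removed from the message before it is passed on
    message_token = message['ext'] && message['ext'].delete('csrfToken')
    byebug # debugger breakpoint (needs the byebug gem loaded)
    unless session_token == message_token
      message['error'] = '401::Access denied'
    end

    callback.call(message)
  end
end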

The idea is that 
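
An added example, not part of the original post or of the Faye tutorial: a stricter variant of the extension above, runnable without a Faye server. With the posted `==` check, a session that has no `_csrf_token` and a message that has no `csrfToken` compare as `nil == nil` and pass; this version rejects missing tokens and compares digests without an early exit. `StrictCsrfProtection`, `FakeRequest`, `check` and the sample channel are assumed names.

```ruby
require 'digest'

# Hypothetical hardened variant of the posted extension (name is an assumption).
class StrictCsrfProtection
  def incoming(message, request, callback)
    session = request && request.session
    session_token = session && session['_csrf_token']
    message_token = message['ext'] && message['ext'].delete('csrfToken')

    unless tokens_match?(session_token, message_token)
      message['error'] = '401::Access denied'
    end
    callback.call(message)
  end

  private

  # A nil, non-string or empty token on either side never matches.
  # Both values are hashed first, so the XOR loop always covers 32 bytes
  # and does not stop at the first differing byte.
  def tokens_match?(expected, given)
    return false unless expected.is_a?(String) && given.is_a?(String)
    return false if expected.empty? || given.empty?

    a = Digest::SHA256.digest(expected).bytes
    b = Digest::SHA256.digest(given).bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for the request object passed to the extension.
FakeRequest = Struct.new(:session)

# Runs one constructed message through the extension and returns the
# message as the callback received it.
def check(session, ext)
  message = { 'channel' => '/chat/room1', 'ext' => ext }
  result = nil
  StrictCsrfProtection.new.incoming(message, FakeRequest.new(session),
                                    ->(m) { result = m })
  result
end
```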
