I am trying to implement CSRF protection for a Faye pub/sub chat app (tutorial is here: http://faye.jcoglan.com/security/csrf.html)

class CsrfProtection
  def incoming(message, request, callback)
    # Token stored in the server-side session
    session_token = request.session['_csrf_token']
    # Token sent by the client in the message's ext field (removed once read)
    message_token = message['ext'] && message['ext'].delete('csrfToken')
    byebug # debugger breakpoint (needs the byebug gem)
    unless session_token == message_token
      message['error'] = '401::Access denied'
    end
    callback.call(message)
  end
end

The idea is that
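Added example, not part of the original post or of Faye's own code: the check as posted (debugger call left out) next to a stricter variant, run against constructed messages. With `==`, a session that holds no token and a message that carries none compare as `nil == nil` and pass. `FakeRequest`, `StrictCsrfProtection` and `check` are hypothetical names introduced here.

```ruby
require 'digest'

# Stand-in for the request object passed to the extension (constructed for this example).
FakeRequest = Struct.new(:session)

# The check as posted: nil == nil counts as a match.
class CsrfProtection
  def incoming(message, request, callback)
    session_token = request.session['_csrf_token']
    message_token = message['ext'] && message['ext'].delete('csrfToken')
    message['error'] = '401::Access denied' unless session_token == message_token
    callback.call(message)
  end
end

# Hypothetical stricter variant: both tokens must be non-empty strings,
# and they are compared in constant time.
class StrictCsrfProtection
  def incoming(message, request, callback)
    session_token = request.session['_csrf_token']
    message_token = message['ext'].is_a?(Hash) ? message['ext'].delete('csrfToken') : nil
    message['error'] = '401::Access denied' unless tokens_match?(session_token, message_token)
    callback.call(message)
  end

  private

  def tokens_match?(expected, given)
    return false unless expected.is_a?(String) && given.is_a?(String)
    return false if expected.empty?
    # Hash both values so the comparison length does not depend on the secret.
    a = Digest::SHA256.digest(expected)
    b = Digest::SHA256.digest(given)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Runs one constructed message through an extension and returns its 'error' field.
def check(extension, session, message)
  result = nil
  extension.incoming(message, FakeRequest.new(session), ->(m) { result = m })
  result['error']
end
```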