CSRF protection for faye pub/sub

I am trying to implement Csrf_protection for faye pub/sub chat app (tutorial is here: Faye: Simple pub/sub messaging for the web)

class CsrfProtection

def incoming(message, request, callback) session_token = request.session[‘_csrf_token’] message_token = message[‘ext’] && message[‘ext’].delete(‘csrfToken’) byebug unless session_token == message_token message[‘error’] = ‘401::Access denied’ end

callback.call(message) end end


The idea is that