I am trying to implement Csrf_protection for faye pub/sub chat app (tutorial is here: Faye: Simple pub/sub messaging for the web)
class CsrfProtection
def incoming(message, request, callback) session_token = request.session[‘_csrf_token’] message_token = message[‘ext’] && message[‘ext’].delete(‘csrfToken’) byebug unless session_token == message_token message[‘error’] = ‘401::Access denied’ end
callback.call(message) end end
``
The idea is that