CSRF protection for faye pub/sub


Wenqin Ye

Jul 24, 2015, 1:58:34 AM
to Ruby on Rails: Talk
I am trying to implement Csrf_protection for a faye pub/sub chat app (tutorial is here: http://faye.jcoglan.com/security/csrf.html).

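class CsrfProtection
  # Faye server extension hook: runs for every incoming message.
  def incoming(message, request, callback)
    # Token stored in the Rails session for this client
    session_token = request.session['_csrf_token']
    # Token sent by the client; removed from the message so it is not relayed
    message_token = message['ext'] && message['ext'].delete('csrfToken')
    byebug # debugger breakpoint

    # Flag the message as rejected when the tokens differ
    unless session_token == message_token
      message['error'] = '401::Access denied'
    end

    callback.call(message)
  end
end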

The idea is that 