Ruby on Rails Thursday, July 23, 2015

I am trying to implement CSRF protection for a Faye pub/sub chat app (the tutorial is here: http://faye.jcoglan.com/security/csrf.html).

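class CsrfProtection
  # Faye server extension hook: runs for every incoming message.
  def incoming(message, request, callback)
    # Token stored in the user's Rack session by the web app
    session_token = request.session['_csrf_token']
    # Token sent by the client; removed from 'ext' so it is not passed on
    message_token = message['ext'] && message['ext'].delete('csrfToken')
    byebug # debugger breakpoint

    unless session_token == message_token
      message['error'] = '401::Access denied'
    end

    callback.call(message)
  end
end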

The idea is that 

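Added example (not part of the original post or the Faye tutorial): a fail-closed variant of the extension above. With `session_token == message_token`, a request that has no token in the session and none in the message compares `nil == nil` and passes; this version rejects missing tokens and compares digests without an early exit. `StrictCsrfProtection`, `FakeRequest` and `csrf_check` are hypothetical names, and the session and message hashes are constructed stand-ins so the block runs without Faye or Rack.

```ruby
require 'digest'

# Same hook signature as the CsrfProtection extension in the post.
class StrictCsrfProtection
  def incoming(message, request, callback)
    # Assumption: every publisher is a browser client with a Rack session,
    # so a missing request or session token counts as a failed check.
    session_token = request && request.session['_csrf_token']
    ext = message['ext']
    message_token = ext.is_a?(Hash) ? ext.delete('csrfToken') : nil

    unless tokens_match?(session_token, message_token)
      message['error'] = '401::Access denied'
    end
    callback.call(message)
  end

  private

  # True only when both tokens are non-empty strings with equal content.
  def tokens_match?(expected, given)
    return false unless expected.is_a?(String) && given.is_a?(String)
    return false if expected.empty?

    # Hash both sides to a fixed length, then OR together the XOR of every
    # byte pair so the comparison time does not depend on where they differ.
    a = Digest::SHA256.digest(expected).bytes
    b = Digest::SHA256.digest(given).bytes
    a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end
end

# Constructed stand-in for the Rack request object Faye passes to extensions.
FakeRequest = Struct.new(:session)

# Runs one message through the extension and returns what the callback got.
def csrf_check(session, message)
  result = nil
  StrictCsrfProtection.new.incoming(message, FakeRequest.new(session),
                                    ->(m) { result = m })
  result
end
```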
