Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Removed authenticity_token stuff for now. In order for this to work, …

…Juggernaut would have to masquerade as the client. While this would be ideal, this requires knowing the session key name and just starts to make it clunky. @skip_before_filter :verify_authenticity_token@ in the controller is better for now
  • Loading branch information...
commit df55f0f7d1697458e67d2696d8bbb6940b95ed70 1 parent 5ca09f9
@bjeanes authored
Showing with 0 additions and 10 deletions.
  1. +0 −10 lib/juggernaut/client.rb
View
10 lib/juggernaut/client.rb
@@ -1,7 +1,6 @@
require 'timeout'
require 'net/http'
require 'uri'
-require 'openssl'
module Juggernaut
class Client
@@ -146,7 +145,6 @@ def post_request(url, channels = [])
uri = URI.parse(url)
uri.path = '/' if uri.path == ''
params = []
- params << "request_forgery_protection_token=#{authenticity_token}"
params << "client_id=#{id}" if id
params << "session_id=#{session_id}" if session_id
channels.each {|chan| params << "channels[]=#{chan}" }
@@ -172,13 +170,5 @@ def post_request(url, channels = [])
end
true
end
-
- def authenticity_token
- @authenticity_token ||= begin
- key = Juggernaut.options[:protect_from_forgery_secret]
- digest = Juggernaut.options[:protect_from_forgery_digest] || 'SHA1'
- OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session_id.to_s)
- end
- end
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.