Removed authenticity_token stuff for now. In order for this to work, …

…Juggernaut would have to masquerade as the client. While this would be ideal, this requires knowing the session key name and just starts to make it clunky. @skip_before_filter :verify_authenticity_token@ in the controller is better for now
bjeanes · Oct 8, 2008 · df55f0f · df55f0f
1 parent 5ca09f9
commit df55f0f
Showing 1 changed file with 0 additions and 10 deletions.
diff --git a/lib/juggernaut/client.rb b/lib/juggernaut/client.rb
@@ -1,7 +1,6 @@
 require 'timeout'
 require 'net/http'
 require 'uri'
-require 'openssl'
 
 module Juggernaut
   class Client
@@ -146,7 +145,6 @@ def post_request(url, channels = [])
        uri = URI.parse(url)
        uri.path = '/' if uri.path == ''
        params = []
-       params << "request_forgery_protection_token=#{authenticity_token}"
        params << "client_id=#{id}" if id
        params << "session_id=#{session_id}" if session_id
        channels.each {|chan| params << "channels[]=#{chan}" }
@@ -172,13 +170,5 @@ def post_request(url, channels = [])
        end
        true
      end
-
-     def authenticity_token
-       @authenticity_token ||= begin
-         key = Juggernaut.options[:protect_from_forgery_secret]
-         digest = Juggernaut.options[:protect_from_forgery_digest] || 'SHA1'
-         OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session_id.to_s)
-       end
-     end
    end
  end