class Rack::Protection::AuthenticityToken

def mask_token(token)

like BREACH.
on each request. The masking is used to mitigate SSL attacks
Creates a masked version of the authenticity token that varies

def mask_token(token)
  one_time_pad = SecureRandom.random_bytes(token.length)
  encrypted_token = xor_byte_strings(one_time_pad, token)
  masked_token = one_time_pad + encrypted_token
  encode_token(masked_token)
end