Ruby on Rails CSRF token creation

The code to create a CSRF token in Ruby on Rails is:

      def mask_token(raw_token) # :doc:
        one_time_pad = SecureRandom.random_bytes(AUTHENTICITY_TOKEN_LENGTH)
        encrypted_csrf_token = xor_byte_strings(one_time_pad, raw_token)
        masked_token = one_time_pad + encrypted_csrf_token

What is the point of doing this if the one_time_pad is included in the masked token anyway? Why can't the raw token be used directly?

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum