Merge pull request #5957 from freedomofpress/remove-python2-csrf-catch

Remove workaround for CSRF token set under Python 2
freedomofpress · May 26, 2021 · bac4677 · bac4677
2 parents b6dcf55 + 68907b0
commit bac4677
Showing 1 changed file with 0 additions and 12 deletions.
diff --git a/securedrop/journalist_app/__init__.py b/securedrop/journalist_app/__init__.py
@@ -9,7 +9,6 @@
 from flask_babel import gettext
 from flask_wtf.csrf import CSRFProtect, CSRFError
 from os import path
-import sys
 from werkzeug.exceptions import default_exceptions
 
 import i18n
@@ -150,17 +149,6 @@ def setup_g() -> 'Optional[Response]':
                                       'SESSION_EXPIRATION_MINUTES',
                                       120))
 
-        # Work around https://github.com/lepture/flask-wtf/issues/275
-        # -- after upgrading from Python 2 to Python 3, any existing
-        # session's csrf_token value will be retrieved as bytes,
-        # causing a TypeError. This simple fix, deleting the existing
-        # token, was suggested in the issue comments. This code will
-        # be safe to remove after Python 2 reaches EOL in 2020, and no
-        # supported SecureDrop installations can still have this
-        # problem.
-        if sys.version_info.major > 2 and type(session.get('csrf_token')) is bytes:
-            del session['csrf_token']
-
         uid = session.get('uid', None)
         if uid:
             g.user = Journalist.query.get(uid)