This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Use return {} idiom for csrf
Not sure why we reverted this in 24b8cf5. The tests still pass
without setting state early.
chadwhitacre committed Feb 25, 2015
1 parent fc659af commit 124e722
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions gratipay/security/csrf.py
Expand Up @@ -61,7 +61,7 @@ def _sanitize_token(token):



def get_csrf_token_from_request(request, state):
def get_csrf_token_from_request(request):
"""Given a Request object, reject it if it's a forgery.
"""
if request.line.uri.startswith('/assets/'): return
Expand All @@ -72,7 +72,7 @@ def get_csrf_token_from_request(request, state):
except KeyError:
cookie_token = None

state['csrf_token'] = cookie_token or _get_new_csrf_key()
cookie_token or _get_new_csrf_key()

@Changaco

Changaco Feb 26, 2015

Contributor

That's a noop.


# Assume that anything not defined as 'safe' by RC2616 needs protection
if request.line.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
Expand All @@ -94,6 +94,8 @@ def get_csrf_token_from_request(request, state):
if not constant_time_compare(second_token, cookie_token):
raise Response(403, REASON_BAD_TOKEN)

return {'csrf_token': second_token}


def add_csrf_token_to_response(response, csrf_token=None):
"""Store the latest CSRF token as a cookie.
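Review bot: The `return {'csrf_token': second_token}` added at the end of get_csrf_token_from_request publishes the token that the request supplied for comparison, not the value that the removed `state['csrf_token'] = cookie_token or _get_new_csrf_key()` assignment stored. Indentation is lost on this page and the lines between the second and third hunks are not shown, but if `second_token` is only assigned inside the `if request.line.method not in (...)` branch, a GET/HEAD/OPTIONS/TRACE request either reaches an unbound name or, if the return sits inside that branch, produces no token at all, which presumably leaves a visitor without a cookie unable to obtain one. Returning the cookie-derived value on every non-exempt path, `return {'csrf_token': cookie_token or _get_new_csrf_key()}`, would keep the earlier behaviour. A test that issues a GET without a `csrf_token` cookie and checks the resulting state would cover this path, which the description's "tests still pass" does not show is exercised.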
