From 6ca8c2256936f6b613a371f654261810179a5134 Mon Sep 17 00:00:00 2001
From: Michael Hall <mhall119@gmail.com>
Date: Sat, 7 Jul 2018 16:54:52 -0400
Subject: [PATCH] Don't throw a 500 error when verifying csrf token on a
 session without a cookie

---
 events/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/events/utils.py b/events/utils.py
index 26f12bf..3234056 100644
--- a/events/utils.py
+++ b/events/utils.py
@@ -28,7 +28,7 @@ def verify_csrf(token_key='csrftoken'):
     def wrap_view(view_func):
         def check_csrf_token(request, *args, **kwargs):
             csrf_token = _sanitize_token(request.GET.get(token_key, ''))
-            match = _compare_salted_tokens(csrf_token, request.COOKIES[settings.CSRF_COOKIE_NAME])
+            match = _compare_salted_tokens(csrf_token, request.COOKIES.get(settings.CSRF_COOKIE_NAME, ''))
             if not match:
                 raise PermissionDenied
             else: