bic/GetTogether
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Don't throw a 500 error when verifying csrf token on a session without a cookie

Browse source
This commit is contained in:
Michael Hall 2018-07-07 16:54:52 -04:00
parent 36ba966da7
commit 6ca8c22569
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
events/utils.py
View file

@ -28,7 +28,7 @@ def verify_csrf(token_key='csrftoken'):
def wrap_view(view_func): def wrap_view(view_func):
def check_csrf_token(request, *args, **kwargs): def check_csrf_token(request, *args, **kwargs):
csrf_token = _sanitize_token(request.GET.get(token_key, '')) csrf_token = _sanitize_token(request.GET.get(token_key, ''))
match = _compare_salted_tokens(csrf_token, request.COOKIES[settings.CSRF_COOKIE_NAME]) match = _compare_salted_tokens(csrf_token, request.COOKIES.get(settings.CSRF_COOKIE_NAME, ''))
if not match: if not match:
raise PermissionDenied raise PermissionDenied
else: else: