def __call__(self, environ, start_response):
request = Request(environ)
self.session = environ['beaker.session']
self.session.save()
if self.is_valid(request):
resp = request.get_response(self.app)
else:
resp = HTTPForbidden(CSRF_ERR)
return resp(environ, start_response)
if 'text/html' in resp.headers.get('Content-type', ''):
token = anti_csrf.get_response_token(request, resp)
new_response = anti_csrf.apply_token(resp.unicode_body, token)
resp.unicode_body = new_response
return resp(environ, start_response)
else:
response_value = resp(environ, start_response)
return response_value
