def process_request(self, request):
    """
    Make sure ``request.csrf_token`` is set before the view runs.

    A request that already has a ``csrf_token`` attribute is left alone.
    For an authenticated user the token lives in the session under
    ``'csrf_token'`` and is generated the first time it is needed.
    For an anonymous user the token is read from the cache, using the
    value of the ``ANON_COOKIE`` cookie as the lookup key; when
    ``ANON_ALWAYS`` is set, a missing key and/or token is generated and
    stored for ``ANON_TIMEOUT``. Without ``ANON_ALWAYS`` an anonymous
    request that has no cached token ends up with an empty string.
    """
    if hasattr(request, 'csrf_token'):
        return

    if is_user_authenticated(request):
        session = request.session
        if 'csrf_token' in session:
            request.csrf_token = session['csrf_token']
        else:
            fresh = django_get_new_csrf_string()
            request.csrf_token = fresh
            session['csrf_token'] = fresh
        return

    # Anonymous visitor: the cookie value comes from the client and is
    # passed through prep_key() before it touches the cache.
    # NOTE(review): prep_key is defined elsewhere; presumably it
    # normalises/namespaces the client-supplied value - confirm.
    key, token = None, ''
    cookies = request.COOKIES
    if ANON_COOKIE in cookies:
        key = cookies[ANON_COOKIE]
        token = cache.get(prep_key(key), '')

    if ANON_ALWAYS:
        # Behave as if anonymous_csrf had been applied to the view.
        # NOTE(review): a client-chosen key with no cache entry is kept
        # as-is and bound to a fresh token here; confirm that adopting
        # client-supplied keys is intended.
        key = key or django_get_new_csrf_string()
        token = token or django_get_new_csrf_string()
        request._anon_csrf_key = key
        cache.set(prep_key(key), token, ANON_TIMEOUT)

    request.csrf_token = token
Exemple #2
    def process_request(self, request):
        """
        Populate ``request.csrf_token`` for the current request.

        Nothing happens when the attribute is already present. Logged-in
        users get the token stored in their session (created on first
        use). Anonymous users get the token cached under the key found in
        the ``ANON_COOKIE`` cookie; with ``ANON_ALWAYS`` enabled any
        missing key or token is generated and written to the cache with
        a lifetime of ``ANON_TIMEOUT``. Otherwise the token defaults to
        the empty string.
        """
        if hasattr(request, 'csrf_token'):
            return

        if not is_user_authenticated(request):
            anon_key = None
            anon_token = ''
            if ANON_COOKIE in request.COOKIES:
                # Client-supplied value; only reaches the cache through
                # prep_key().
                anon_key = request.COOKIES[ANON_COOKIE]
                anon_token = cache.get(prep_key(anon_key), '')
            if ANON_ALWAYS:
                # NOTE(review): an unknown key sent by the client is
                # reused rather than replaced; a new token is then stored
                # under it. Confirm this is the intended behaviour.
                anon_key = anon_key or django_get_new_csrf_string()
                anon_token = anon_token or django_get_new_csrf_string()
                request._anon_csrf_key = anon_key
                cache.set(prep_key(anon_key), anon_token, ANON_TIMEOUT)
            request.csrf_token = anon_token
            return

        if 'csrf_token' in request.session:
            request.csrf_token = request.session['csrf_token']
        else:
            new_token = django_get_new_csrf_string()
            # Same assignment order as a chained assignment: request
            # attribute first, then the session entry.
            request.csrf_token = new_token
            request.session['csrf_token'] = new_token
 def wrapper(request, *args, **kw):
     """
     Call the wrapped view ``f`` with an anonymous CSRF token in place.

     The cookie-based token is used only when the user is not
     authenticated and ``ANON_ALWAYS`` is off. In that case the token is
     looked up (or created) in the cache under the ``ANON_COOKIE`` key,
     exposed as ``request.csrf_token``, and the cookie is (re)issued on
     the response with ``max_age=ANON_TIMEOUT``.
     """
     use_anon_cookie = (not is_user_authenticated(request)
                        and not ANON_ALWAYS)
     if use_anon_cookie:
         if ANON_COOKIE not in request.COOKIES:
             key = django_get_new_csrf_string()
             token = django_get_new_csrf_string()
         else:
             # The key is whatever the client sent; a key with no cached
             # token is kept and paired with a freshly generated token.
             key = request.COOKIES[ANON_COOKIE]
             cached = cache.get(prep_key(key))
             token = cached if cached else django_get_new_csrf_string()
         cache.set(prep_key(key), token, ANON_TIMEOUT)
         request.csrf_token = token

     response = f(request, *args, **kw)
     if not use_anon_cookie:
         return response

     # Set or reset the cache and cookie timeouts. The cookie is always
     # HttpOnly; Secure follows the scheme of the current request, so it
     # is not set when the request arrived over plain HTTP.
     response.set_cookie(
         ANON_COOKIE,
         key,
         max_age=ANON_TIMEOUT,
         httponly=True,
         secure=request.is_secure(),
     )
     patch_vary_headers(response, ['Cookie'])
     return response
Exemple #4
 def wrapper(request, *args, **kw):
     """
     Run the wrapped view ``f`` with a cookie-keyed anonymous CSRF token.

     Applies only when the user is not authenticated and ``ANON_ALWAYS``
     is falsy. The token is fetched from, or created in, the cache under
     the key carried by ``ANON_COOKIE``, set on ``request.csrf_token``,
     and the cookie is refreshed on the response for ``ANON_TIMEOUT``.
     """
     anonymous_only = not is_user_authenticated(request)
     use_anon_cookie = anonymous_only and not ANON_ALWAYS

     if use_anon_cookie:
         has_cookie = ANON_COOKIE in request.COOKIES
         if has_cookie:
             # Client-supplied key: it is reused even when the cache has
             # no token for it, in which case a new token is generated.
             key = request.COOKIES[ANON_COOKIE]
             token = cache.get(prep_key(key))
             if not token:
                 token = django_get_new_csrf_string()
         else:
             key = django_get_new_csrf_string()
             token = django_get_new_csrf_string()
         cache.set(prep_key(key), token, ANON_TIMEOUT)
         request.csrf_token = token

     response = f(request, *args, **kw)

     if use_anon_cookie:
         # Set or reset the cache and cookie timeouts. HttpOnly is always
         # on; the Secure flag mirrors request.is_secure(), so a response
         # to a plain-HTTP request carries the cookie without Secure.
         cookie_options = {
             'max_age': ANON_TIMEOUT,
             'httponly': True,
             'secure': request.is_secure(),
         }
         response.set_cookie(ANON_COOKIE, key, **cookie_options)
         patch_vary_headers(response, ['Cookie'])
     return response