def check_csrf(): if 'csrf' not in request.cookies: g.csrf = randstring() else: g.csrf = request.cookies['csrf'] if request.method not in ('HEAD', 'GET'): if 'csrf' not in request.form or 'csrf' not in request.cookies: g.csrf = randstring() abort(403) if request.form['csrf'] != request.cookies['csrf']: g.csrf = randstring() abort(403)
def __init__(self, *args, **kwargs): super(Commenter, self).__init__(*args, **kwargs) if self.cookie is None: self.cookie = randstring() self.when = datetime.utcnow()