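def process_request(self, request):
    """Reject POST requests that do not carry a valid XSRF token.

    Args:
        request: the incoming request; its ``method`` and ``POST``
            attributes are read.

    Returns:
        None to let request processing continue, or an ``HttpResponse``
        with status ``httplib.FORBIDDEN`` when the ``xsrf_token`` form
        field is missing or fails validation.
    """
    # Only POST is checked.
    # NOTE(review): other state-changing methods (PUT, DELETE, ...) pass
    # through untouched -- confirm the application does not accept them.
    if request.method != 'POST':
        return None

    # Requests marked in the environment as App Engine cron or task-queue
    # calls carry no token and are exempt.
    # NOTE(review): this exemption is only safe if the hosting platform
    # removes X-AppEngine-* headers from external requests -- confirm for
    # every environment this middleware runs in.
    if ('HTTP_X_APPENGINE_CRON' in os.environ or
            'HTTP_X_APPENGINE_QUEUENAME' in os.environ):
        return None

    post_token = request.POST.get('xsrf_token')
    if not post_token:
        # Log the field names only: the submitted values can include
        # passwords or other secrets that must not end up in the logs.
        logging.warning('Missing XSRF token; POST fields: %s',
                        list(request.POST.keys()))
        return http.HttpResponse('Missing XSRF token.',
                                 status=httplib.FORBIDDEN)

    try:
        # NOTE(review): the return value is ignored, so this is correct
        # only if isTokenValid raises on every failure -- confirm against
        # xsrfutil.
        xsrfutil.isTokenValid(_GetSecretKey(request), post_token)
    except xsrfutil.InvalidTokenException as e:
        logging.warning('Invalid XSRF token (%s); POST fields: %s',
                        e.reason, list(request.POST.keys()))
        # NOTE(review): e.reason is echoed to the client; presumably it
        # never contains request-supplied text -- verify.
        return http.HttpResponse('Invalid XSRF token, %s' % e.reason,
                                 status=httplib.FORBIDDEN)

    # Token accepted: returning None lets the request proceed.
    return None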
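def process_request(self, request):
    """Require a valid XSRF token on POST requests.

    Args:
        request: the incoming request; its ``method`` and ``POST``
            attributes are read.

    Returns:
        None when the request may proceed, otherwise an ``HttpResponse``
        with status ``httplib.FORBIDDEN`` describing why the token was
        rejected.
    """
    # Non-POST requests are not inspected at all.
    # NOTE(review): PUT/DELETE/PATCH therefore bypass the token check --
    # confirm no handler changes state on those methods.
    if request.method != 'POST':
        return None

    # Cron and task-queue markers in the environment exempt the request.
    # NOTE(review): safe only where the platform strips X-AppEngine-*
    # headers from external traffic -- confirm for the deployment.
    is_internal = ('HTTP_X_APPENGINE_CRON' in os.environ or
                   'HTTP_X_APPENGINE_QUEUENAME' in os.environ)
    if is_internal:
        return None

    post_token = request.POST.get('xsrf_token')
    if not post_token:
        # Field names are enough for triage; the values may hold
        # credentials and are deliberately kept out of the logs.
        logging.warning('Missing XSRF token; POST fields: %s',
                        list(request.POST.keys()))
        return http.HttpResponse('Missing XSRF token.',
                                 status=httplib.FORBIDDEN)

    try:
        # NOTE(review): only InvalidTokenException signals failure here;
        # a False return value would be accepted -- confirm isTokenValid
        # never reports failure that way.
        xsrfutil.isTokenValid(_GetSecretKey(request), post_token)
    except xsrfutil.InvalidTokenException as e:
        logging.warning('Invalid XSRF token (%s); POST fields: %s',
                        e.reason, list(request.POST.keys()))
        return http.HttpResponse(
            'Invalid XSRF token, %s' % e.reason, status=httplib.FORBIDDEN)

    # Token valid: continue processing the request.
    return None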
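def process_request(self, request):
    """Require a valid XSRF token on POST requests.

    Args:
        request: the incoming request; its ``method`` and ``POST``
            attributes are read.

    Returns:
        None when the request may proceed, otherwise an ``HttpResponse``
        with status 403. For an invalid token the body includes whatever
        ``xsrfutil.isTokenValid`` returned.
    """
    # Only POST is checked.
    # NOTE(review): other state-changing methods are not covered --
    # confirm the application does not accept them.
    if request.method != 'POST':
        return None

    # Requests marked as App Engine cron or task-queue calls are exempt.
    # NOTE(review): relies on the platform stripping X-AppEngine-* headers
    # from external requests -- confirm for the deployment.
    app_engine_request = ('HTTP_X_APPENGINE_CRON' in os.environ or
                          'HTTP_X_APPENGINE_QUEUENAME' in os.environ)
    if app_engine_request:
        return None

    post_token = request.POST.get('xsrf_token')
    if not post_token:
        # Log field names only so submitted secrets stay out of the logs;
        # lazy %-args also avoid formatting when the record is filtered.
        logging.warning('Missing XSRF token; POST fields: %s',
                        list(request.POST.keys()))
        return http.HttpResponse('Missing XSRF token.', status=403)

    result = xsrfutil.isTokenValid(self._getSecretKey(request), post_token)
    # Only the literal True counts as success; any other return value is
    # treated as a failure description.
    if result is True:
        return None

    logging.warning('Invalid XSRF token (%s); POST fields: %s',
                    result, list(request.POST.keys()))
    # NOTE(review): result is echoed to the client; presumably it never
    # contains request-supplied text -- verify against xsrfutil.
    return http.HttpResponse('Invalid XSRF token: %s' % result, status=403)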
def process_request(self, request):
    """Block POST requests whose XSRF token is absent or not accepted.

    Args:
        request: the incoming request; its ``method`` and ``POST``
            attributes are read.

    Returns:
        None when the request may proceed, otherwise an ``HttpResponse``
        with status 403.
    """
    # Anything other than POST is passed through unchecked.
    # NOTE(review): PUT/DELETE/PATCH are therefore not protected --
    # confirm no handler changes state on those methods.
    if request.method != 'POST':
        return None

    # App Engine cron / task-queue markers exempt the request.
    # NOTE(review): safe only where the platform strips X-AppEngine-*
    # headers from external traffic -- confirm for the deployment.
    exempt_markers = ('HTTP_X_APPENGINE_CRON', 'HTTP_X_APPENGINE_QUEUENAME')
    if any(marker in os.environ for marker in exempt_markers):
        return None

    token = request.POST.get('xsrf_token')
    if not token:
        return http.HttpResponse('Missing XSRF token.', status=403)

    # NOTE(review): any truthy return value is accepted as "valid"; if
    # isTokenValid can return a non-empty error string or signal failure
    # by raising, this check needs to change -- confirm against xsrfutil.
    if xsrfutil.isTokenValid(self._getSecretKey(request), token):
        return None
    return http.HttpResponse('Invalid XSRF token.', status=403)