Esempio n. 1
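    def process_request(self, request):
        """Reject POST requests that do not carry a valid XSRF token.

        Only ``POST`` is checked: a request with any other method is passed
        through untouched, so handlers that change state on PUT, DELETE or
        PATCH are not protected by this hook.

        Args:
            request: the incoming request; ``request.method`` and
                ``request.POST`` are read.

        Returns:
            None when processing should continue, otherwise an
            ``http.HttpResponse`` with status ``httplib.FORBIDDEN``.
        """
        # Non-POST requests are out of scope for this check.
        if request.method != 'POST':
            return None

        # Cron and task-queue requests are exempt. The markers are read from
        # the process environment, not from the request object.
        # NOTE(review): this is only safe if the platform strips these
        # headers from external traffic -- confirm for the deployment.
        if ('HTTP_X_APPENGINE_CRON' in os.environ
                or 'HTTP_X_APPENGINE_QUEUENAME' in os.environ):
            return None

        post_token = request.POST.get('xsrf_token')

        if not post_token:
            # Log field names only: a form body can carry passwords or other
            # secrets, and rejected requests should not copy them into logs.
            logging.warning('Missing XSRF token; POST fields: %s',
                            sorted(request.POST.keys()))
            return http.HttpResponse('Missing XSRF token.',
                                     status=httplib.FORBIDDEN)

        try:
            # NOTE(review): the return value is discarded, so rejection
            # depends entirely on isTokenValid raising. If it can return a
            # falsy value instead, the request would be accepted -- confirm.
            xsrfutil.isTokenValid(_GetSecretKey(request), post_token)
        except xsrfutil.InvalidTokenException as e:
            logging.warning('Invalid XSRF token (%s); POST fields: %s',
                            e.reason, sorted(request.POST.keys()))
            # NOTE(review): e.reason is echoed to the client; confirm it
            # never contains request-derived text.
            return http.HttpResponse('Invalid XSRF token, %s' % e.reason,
                                     status=httplib.FORBIDDEN)

        # Token accepted: returning None lets the request continue.
        return None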
Esempio n. 2
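  def process_request(self, request):
    """Require a valid XSRF token on POST requests.

    Requests with any method other than ``POST`` are not checked, so
    state-changing handlers reachable through other methods get no
    protection from this hook.

    Args:
      request: the incoming request; ``request.method`` and
        ``request.POST`` are read.

    Returns:
      None to continue processing, or an ``http.HttpResponse`` with status
      ``httplib.FORBIDDEN`` when the token is missing or rejected.
    """
    if request.method != 'POST':
      return None

    # Requests flagged as cron or task-queue in the process environment skip
    # the token check.
    # NOTE(review): assumes these markers cannot be set by an external
    # client -- confirm the platform strips them from inbound traffic.
    if ('HTTP_X_APPENGINE_CRON' in os.environ
        or 'HTTP_X_APPENGINE_QUEUENAME' in os.environ):
      return None

    post_token = request.POST.get('xsrf_token')

    # Field names are enough to diagnose a rejection; the submitted values
    # may include credentials and are deliberately kept out of the logs.
    field_names = sorted(request.POST.keys())

    if not post_token:
      logging.warning('Missing XSRF token; POST fields: %s', field_names)
      return http.HttpResponse('Missing XSRF token.', status=httplib.FORBIDDEN)

    try:
      # NOTE(review): only an InvalidTokenException rejects the request; the
      # return value is ignored. Confirm isTokenValid never signals failure
      # by returning False.
      xsrfutil.isTokenValid(_GetSecretKey(request), post_token)
    except xsrfutil.InvalidTokenException as e:
      logging.warning('Invalid XSRF token (%s); POST fields: %s',
                      e.reason, field_names)
      # NOTE(review): e.reason goes into the response body; confirm it holds
      # no request-derived text.
      return http.HttpResponse(
          'Invalid XSRF token, %s' % e.reason, status=httplib.FORBIDDEN)

    # Token accepted.
    return None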
Esempio n. 3
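  def process_request(self, request):
    """Require a valid XSRF token on POST requests.

    Only ``POST`` is inspected; every other method is passed through
    without a token check.

    Args:
      request: the incoming request; ``request.method`` and
        ``request.POST`` are read.

    Returns:
      None to continue processing, or an ``http.HttpResponse`` with status
      403 when the token is missing or not accepted.
    """
    if request.method != 'POST':
      return None

    # Cron and task-queue requests are exempt from the token requirement.
    # NOTE(review): the markers come from os.environ; confirm the platform
    # prevents an external client from setting them.
    app_engine_request = ('HTTP_X_APPENGINE_CRON' in os.environ) or \
        ('HTTP_X_APPENGINE_QUEUENAME' in os.environ)

    if app_engine_request:
      return None

    post_token = request.POST.get('xsrf_token')

    if not post_token:
      # Log field names, not values: the body of a rejected form can hold
      # passwords or other secrets that do not belong in application logs.
      logging.warning('Missing XSRF token; POST fields: %s',
                      sorted(request.POST.keys()))
      return http.HttpResponse('Missing XSRF token.', status=403)

    result = xsrfutil.isTokenValid(self._getSecretKey(request), post_token)

    # Strict identity check: anything other than the literal True (including
    # a truthy error description) is treated as a failed validation.
    if result is True:
      return None

    logging.warning('Invalid XSRF token (%s); POST fields: %s',
                    result, sorted(request.POST.keys()))
    # NOTE(review): result is echoed to the client; confirm isTokenValid
    # never returns request-derived text.
    return http.HttpResponse('Invalid XSRF token: %s' % result, status=403)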
Esempio n. 4
    def process_request(self, request):
        """Gate POST requests on a valid XSRF token.

        Requests using any other method are passed through unchecked.
        Returns None to continue processing, or a 403 ``http.HttpResponse``
        when the token is missing or rejected.
        """
        if request.method != 'POST':
            return None

        # Cron and task-queue requests carry no token and are let through.
        # NOTE(review): the markers are read from os.environ; confirm an
        # external client cannot set them.
        platform_markers = ('HTTP_X_APPENGINE_CRON',
                            'HTTP_X_APPENGINE_QUEUENAME')
        if any(marker in os.environ for marker in platform_markers):
            return None

        submitted = request.POST.get('xsrf_token')
        if not submitted:
            return http.HttpResponse('Missing XSRF token.', status=403)

        # NOTE(review): this is a truthiness test, so any truthy return
        # value (for example an error string) counts as a valid token.
        # Confirm isTokenValid returns a strict boolean.
        if xsrfutil.isTokenValid(self._getSecretKey(request), submitted):
            return None

        return http.HttpResponse('Invalid XSRF token.', status=403)