def process_request(self, request):
    """Attach a CSRF token to the request as ``request.csrf_token``.

    Nothing happens when the request already has a ``csrf_token``
    attribute.

    Authenticated users: the token is kept in
    ``request.session['csrf_token']`` and generated the first time it is
    found missing.

    Anonymous users: the value of the ``ANON_COOKIE`` cookie, when sent,
    is passed through ``prep_key`` to look the token up in the cache.
    Without ``ANON_ALWAYS`` a missing cookie or a cache miss leaves the
    token as ``''``. With ``ANON_ALWAYS`` a missing key and/or token is
    generated, the key is stored on ``request._anon_csrf_key`` and the
    pair is written to the cache with ``ANON_TIMEOUT``.
    """
    # A token was already attached earlier in the request; keep it.
    if hasattr(request, 'csrf_token'):
        return

    if is_user_authenticated(request):
        session = request.session
        if 'csrf_token' in session:
            request.csrf_token = session['csrf_token']
        else:
            fresh = django_get_new_csrf_string()
            request.csrf_token = fresh
            session['csrf_token'] = fresh
        return

    anon_key = None
    anon_token = ''
    if ANON_COOKIE in request.COOKIES:
        # The cookie value is supplied by the client; it only selects
        # which cache entry is read, the token itself stays server-side.
        anon_key = request.COOKIES[ANON_COOKIE]
        anon_token = cache.get(prep_key(anon_key), '')

    if ANON_ALWAYS:
        # pretend that anonymous_csrf was applied to the view
        anon_key = anon_key or django_get_new_csrf_string()
        anon_token = anon_token or django_get_new_csrf_string()
        request._anon_csrf_key = anon_key
        # Written on every anonymous request, which also renews the
        # cache timeout for an existing entry.
        cache.set(prep_key(anon_key), anon_token, ANON_TIMEOUT)

    # NOTE(review): without ANON_ALWAYS the token can still be '' here.
    # The code that validates submitted tokens is not in this function;
    # confirm it treats an empty token as a failure.
    request.csrf_token = anon_token
def process_request(self, request):
    """Make a CSRF token available at ``request.csrf_token``.

    A request that already has ``csrf_token`` set is left untouched.
    For a logged-in user the token comes from the session (created on
    first use). For an anonymous user it is looked up in the cache under
    the ``ANON_COOKIE`` cookie value; when ``ANON_ALWAYS`` is set, a
    missing key or token is generated and the pair is stored in the
    cache for ``ANON_TIMEOUT``, with the key kept on
    ``request._anon_csrf_key``.
    """
    if hasattr(request, 'csrf_token'):
        return None

    if not is_user_authenticated(request):
        cookie_present = ANON_COOKIE in request.COOKIES
        # Client-supplied value; used only as the cache lookup key.
        key = request.COOKIES[ANON_COOKIE] if cookie_present else None
        token = cache.get(prep_key(key), '') if cookie_present else ''

        if ANON_ALWAYS:
            # Fill in whichever half of the (key, token) pair is missing,
            # including an empty cookie value or a cache miss.
            if not key:
                key = django_get_new_csrf_string()
            if not token:
                token = django_get_new_csrf_string()
            request._anon_csrf_key = key
            cache.set(prep_key(key), token, ANON_TIMEOUT)

        # May be '' when ANON_ALWAYS is off and nothing was cached.
        # NOTE(review): token validation is not visible here; confirm an
        # empty token is rejected there.
        request.csrf_token = token
        return None

    # Logged-in user: the session owns the token.
    if 'csrf_token' in request.session:
        request.csrf_token = request.session['csrf_token']
    else:
        token = django_get_new_csrf_string()
        request.csrf_token = request.session['csrf_token'] = token
    return None
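def wrapper(request, *args, **kw):
    """Give an anonymous request a cache-backed CSRF token, then call ``f``.

    ``f`` is not defined in this block; it is presumably the wrapped view
    from the enclosing scope.

    The anonymous-cookie path is taken only when the user is not
    authenticated and ``ANON_ALWAYS`` is off. In that case the token is
    read from (or created in) the cache under the ``ANON_COOKIE`` cookie
    value, exposed as ``request.csrf_token``, and the cookie is set on
    the response with the same ``ANON_TIMEOUT`` as the cache entry.

    Returns:
        The response produced by ``f``, with the cookie and a
        ``Vary: Cookie`` header added on the anonymous-cookie path.
    """
    use_anon_cookie = not (is_user_authenticated(request) or ANON_ALWAYS)
    if use_anon_cookie:
        # The cookie value is client-controlled. An empty value is treated
        # as "no cookie": otherwise every client sending an empty cookie
        # would share one cache entry, and therefore one token.
        key = request.COOKIES.get(ANON_COOKIE)
        if key:
            token = cache.get(prep_key(key)) or django_get_new_csrf_string()
        else:
            key = django_get_new_csrf_string()
            token = django_get_new_csrf_string()
        # NOTE(review): a non-empty cookie value is still used as the
        # cache key as sent, so the token is only as private as the
        # cookie is hard for another origin to set. Confirm the cookie
        # scope matches the deployment.
        cache.set(prep_key(key), token, ANON_TIMEOUT)
        request.csrf_token = token
    response = f(request, *args, **kw)
    if use_anon_cookie:
        # Set or reset the cache and cookie timeouts.
        # The Secure flag follows the current request, so a response to a
        # plain-HTTP request sets the cookie without it.
        response.set_cookie(ANON_COOKIE, key, max_age=ANON_TIMEOUT,
                            httponly=True, secure=request.is_secure())
        # The page may embed a per-cookie token; shared caches must not
        # serve it to a client with a different cookie.
        patch_vary_headers(response, ['Cookie'])
    return response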
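def wrapper(request, *args, **kw):
    """Attach an anonymous CSRF token to the request and call ``f``.

    ``f`` comes from outside this block (presumably the decorated view).

    When the user is not authenticated and ``ANON_ALWAYS`` is off, the
    ``ANON_COOKIE`` cookie value is used as the cache key for the token.
    A missing or empty cookie gets a newly generated key, and a cache
    miss gets a newly generated token. The pair is written to the cache
    and the cookie is re-sent, both with ``ANON_TIMEOUT``.

    Returns:
        Whatever ``f`` returns; on the anonymous-cookie path the cookie
        and ``Vary: Cookie`` are added to it first.
    """
    use_anon_cookie = not (is_user_authenticated(request) or ANON_ALWAYS)
    if use_anon_cookie:
        # Client-supplied value. Falsy (absent or empty) means "issue a
        # new key": an empty key would otherwise put every such client
        # in one shared cache slot.
        key = request.COOKIES.get(ANON_COOKIE) or None
        token = cache.get(prep_key(key)) if key else None
        if not key:
            key = django_get_new_csrf_string()
        if not token:
            token = django_get_new_csrf_string()
        # Writing on every request renews the cache timeout as well.
        cache.set(prep_key(key), token, ANON_TIMEOUT)
        request.csrf_token = token

    response = f(request, *args, **kw)

    if use_anon_cookie:
        # Set or reset the cache and cookie timeouts.
        # httponly keeps scripts from reading the key. Secure is set only
        # when this request itself arrived over HTTPS.
        # NOTE(review): no SameSite attribute is passed here; confirm the
        # supported Django versions before adding one.
        response.set_cookie(
            ANON_COOKIE,
            key,
            max_age=ANON_TIMEOUT,
            httponly=True,
            secure=request.is_secure(),
        )
        # The response depends on the cookie; tell caches so.
        patch_vary_headers(response, ['Cookie'])
    return response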