示例#1
            def add_csrf_field(match):
                """Return the matched <form> tag followed by a hidden CSRF <input>.

                ``match`` is expected to be a regex match object; only
                ``match.group()`` is read from it.
                """
                opening_tag = match.group()
                # NOTE(review): both values are interpolated into HTML attributes
                # without escaping; this assumes the configured field name and the
                # token never contain quotes or angle brackets -- confirm.
                field_name = self.settings.CSRF.form_token_name
                field_value = functions.csrf_token()
                hidden_input = '\n<input type="hidden" name="%s" value="%s">' % (
                    field_name, field_value)
                return opening_tag + hidden_input
示例#2
            def add_csrf_field(match):
                """Append a hidden CSRF token field to the matched <form> tag.

                Only ``match.group()`` is used, so ``match`` is presumably a
                regex match object for one form opening tag.
                """
                form_tag = match.group()
                # NOTE(review): no HTML escaping is applied to either value; the
                # markup stays well-formed only while the field name and the token
                # are attribute-safe -- confirm against their sources.
                values = (
                    self.settings.CSRF.form_token_name,
                    functions.csrf_token(),
                )
                token_input = '\n<input type="hidden" name="%s" value="%s">' % values
                return form_tag + token_input
示例#3
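    def process_response(self, request, response):
        """Set the CSRF cookie and add a hidden token field to POST forms.

        Does nothing when the ``CSRF/enable`` setting is false. Otherwise the
        token cookie is set on every response; the body is rewritten only when
        the response is not flagged ``csrf_pass`` and its media type is listed
        in ``_HTML_TYPES``.

        :param request: the current request (not used here)
        :param response: the outgoing response; its cookies and ``data`` may
            be modified in place
        :return: the same ``response`` object
        """
        if not self.settings.get_var('CSRF/enable', False):
            return response

        token = functions.csrf_token()

        # NOTE(review): only max_age is passed, so the cookie's Secure,
        # HttpOnly and SameSite attributes are whatever set_cookie defaults
        # to -- confirm that matches how this cookie is read and validated.
        response.set_cookie(self.settings.CSRF.cookie_token_name,
                            token,
                            max_age=self.settings.CSRF.timeout)

        if getattr(response, 'csrf_pass', False):
            return response

        # A response may carry no Content-Type header; treat that as "not
        # HTML" instead of raising. Whitespace before the ';' is stripped so
        # "text/html ; charset=utf-8" is still recognised.
        content_type = response.headers.get('Content-Type') or ''
        media_type = content_type.split(';')[0].strip()

        if media_type in _HTML_TYPES:

            def add_csrf_field(match):
                """Returns the matched <form> tag plus the added <input> element"""

                # Reuse the token already placed in the cookie so the cookie
                # and the form field cannot diverge, and csrf_token() is not
                # re-run for every form on the page.
                # NOTE(review): values are interpolated without HTML escaping;
                # assumes the field name and token are attribute-safe -- confirm.
                return (match.group() +
                        '\n<input type="hidden" name="%s" value="%s">' %
                        (self.settings.CSRF.form_token_name, token))

            # Modify any POST forms
            # NOTE(review): every form matched by _POST_FORM_RE receives the
            # token. If that pattern also matches forms whose action targets
            # another origin, the token is disclosed to that origin on submit;
            # confirm the pattern, or flag such responses with csrf_pass.
            response.data = _POST_FORM_RE.sub(add_csrf_field, response.data)

        return response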
示例#4
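    def process_response(self, request, response):
        """Set the CSRF cookie and add a hidden token field to POST forms.

        Does nothing when the ``CSRF/enable`` setting is false. Otherwise the
        token cookie is set on every response; the body is rewritten only when
        the response is not flagged ``csrf_pass`` and its media type is listed
        in ``_HTML_TYPES``.

        :param request: the current request (not used here)
        :param response: the outgoing response; its cookies and ``data`` may
            be modified in place
        :return: the same ``response`` object
        """
        if not self.settings.get_var("CSRF/enable", False):
            return response

        token = functions.csrf_token()

        # NOTE(review): only max_age is passed, so the cookie's Secure,
        # HttpOnly and SameSite attributes are whatever set_cookie defaults
        # to -- confirm that matches how this cookie is read and validated.
        response.set_cookie(self.settings.CSRF.cookie_token_name, token, max_age=self.settings.CSRF.timeout)

        if getattr(response, "csrf_pass", False):
            return response

        # A response may carry no Content-Type header; treat that as "not
        # HTML" instead of raising. Whitespace before the ";" is stripped so
        # "text/html ; charset=utf-8" is still recognised.
        content_type = response.headers.get("Content-Type") or ""
        media_type = content_type.split(";")[0].strip()

        if media_type in _HTML_TYPES:

            def add_csrf_field(match):
                """Returns the matched <form> tag plus the added <input> element"""

                # Reuse the token already placed in the cookie so the cookie
                # and the form field cannot diverge, and csrf_token() is not
                # re-run for every form on the page.
                # NOTE(review): values are interpolated without HTML escaping;
                # assumes the field name and token are attribute-safe -- confirm.
                return match.group() + '\n<input type="hidden" name="%s" value="%s">' % (
                    self.settings.CSRF.form_token_name,
                    token,
                )

            # Modify any POST forms
            # NOTE(review): every form matched by _POST_FORM_RE receives the
            # token. If that pattern also matches forms whose action targets
            # another origin, the token is disclosed to that origin on submit;
            # confirm the pattern, or flag such responses with csrf_pass.
            response.data = _POST_FORM_RE.sub(add_csrf_field, response.data)

        return response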