def http_handler(self, request: Request, exc: Exception) -> Response: """For HTTP errors we display a simple text message and set a correct HTTP response status.""" assert isinstance(exc, exceptions.HTTPException) if exc.status_code in {204, 304}: return Response(b"", status_code=exc.status_code) return TextResponse(exc.detail, exc.status_code)
async def __call__( self, scope: Scope, receive: Receive, send: Send, ) -> None: if scope["type"] != "http": await self.app(scope, receive, send) return if "session" not in scope: raise CsrfError("CsrfMiddleware requires SessionMiddleware.") await scope["session"].load() request = scope["request"] if CSRF_SESSION_KEY not in request.session: token = get_generate_random() csrf_token = generate_token(self._secret_key, token) request.session[CSRF_SESSION_KEY] = csrf_token serializer = URLSafeTimedSerializer(self._secret_key, self._salt) timed_token = serializer.dumps( request.session[CSRF_SESSION_KEY], self._salt, ) request.state.csrf_token = request.session[CSRF_SESSION_KEY] request.state.csrf_timed_token = timed_token _this_request_token.set(timed_token) if self.should_check_token(request): try: validate_csrf_token( session_token=request.session[CSRF_SESSION_KEY], timed_token=await self.get_csrf_token(request), secret_key=self._secret_key, salt=self._salt, max_age=self._max_age, ) except CsrfError: response = TextResponse("CSRF token is invalid.", 403) await response(scope, receive, send) return await self.app(scope, receive, send)
def view(request: Request) -> t.Any: return TextResponse("ok")
def error_handler(request, error): return TextResponse("ok")
def view(request): return TextResponse(request.state.csrf_timed_token)
def view(request): nonlocal token_from_request, token_from_helper token_from_request = request.state.csrf_timed_token token_from_helper = csrf_token_helper() return TextResponse("ok")