p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refs #32800 -- Renamed _set_token() to _set_csrf_cookie().

This commit is contained in:
Chris Jerdonek 2021-08-03 01:59:49 -04:00 committed by Carlton Gibson
parent 26d8e3f302
commit f10553ec93
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
django/middleware/csrf.py
View File

@ -229,7 +229,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
request.META['CSRF_COOKIE_NEEDS_UPDATE'] = True request.META['CSRF_COOKIE_NEEDS_UPDATE'] = True
return csrf_token return csrf_token
def _set_token(self, request, response): def _set_csrf_cookie(self, request, response):
if settings.CSRF_USE_SESSIONS: if settings.CSRF_USE_SESSIONS:
if request.session.get(CSRF_SESSION_KEY) != request.META['CSRF_COOKIE']: if request.session.get(CSRF_SESSION_KEY) != request.META['CSRF_COOKIE']:
request.session[CSRF_SESSION_KEY] = request.META['CSRF_COOKIE'] request.session[CSRF_SESSION_KEY] = request.META['CSRF_COOKIE']
@ -441,14 +441,14 @@ class CsrfViewMiddleware(MiddlewareMixin):
def process_response(self, request, response): def process_response(self, request, response):
if request.META.get('CSRF_COOKIE_NEEDS_UPDATE'): if request.META.get('CSRF_COOKIE_NEEDS_UPDATE'):
self._set_token(request, response) self._set_csrf_cookie(request, response)
# Unset the flag to prevent _set_token() from being unnecessarily # Unset the flag to prevent _set_csrf_cookie() from being
# called again in process_response() by other instances of # unnecessarily called again in process_response() by other
# CsrfViewMiddleware. This can happen e.g. when both a decorator and # instances of CsrfViewMiddleware. This can happen e.g. when both a
# middleware are used. However, CSRF_COOKIE_NEEDS_UPDATE is still # decorator and middleware are used. However,
# respected in subsequent calls e.g. in case rotate_token() is # CSRF_COOKIE_NEEDS_UPDATE is still respected in subsequent calls
# called in process_response() later by custom middleware but before # e.g. in case rotate_token() is called in process_response() later
# those subsequent calls. # by custom middleware but before those subsequent calls.
request.META['CSRF_COOKIE_NEEDS_UPDATE'] = False request.META['CSRF_COOKIE_NEEDS_UPDATE'] = False
return response return response