author | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 10:36:29 +0100 |
---|---|---|
committer | Roald de Vries <rdevries@thoughtworks.com> | 2016-12-01 10:36:39 +0100 |
commit | 770b439c8495c3a0b16550c2f04740f31646d66b (patch) | |
tree | 46ed7570ed1b742aca55c22f3efa5532a861cbee /service/pixelated/resources/__init__.py | |
parent | 13378255c02b97184132881599ed47826963f54a (diff) |
WIP: add csrf token to every request
Diffstat (limited to 'service/pixelated/resources/__init__.py')
-rw-r--r-- | service/pixelated/resources/__init__.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 97346a6f..023758de 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -66,7 +66,7 @@ class BaseResource(Resource):
 self._services_factory = services_factory
 def _add_csrf_cookie(self, request):
- csrf_token = hashlib.sha256(os.urandom(CSRF_TOKEN_LENGTH)).hexdigest()
+ csrf_token = IPixelatedSession(request.getSession()).get_csrf_token()
 request.addCookie('XSRF-TOKEN', csrf_token)
 log.debug('XSRF-TOKEN added: %s' % csrf_token) |
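Review bot: The `log.debug` call at the end of `_add_csrf_cookie` still writes the token value to the log, and after this change that value is the session's CSRF token rather than a fresh random one, so anyone with access to debug logs can read a token that stays valid for the whole session. Log the event without the secret, e.g. `log.debug('XSRF-TOKEN cookie added')`. The cookie is also set with no attributes; if the service is only reachable over TLS (not visible here), `request.addCookie('XSRF-TOKEN', csrf_token, secure=True)` keeps it off plaintext connections. `get_csrf_token()` and the rest of `BaseResource` are outside the hunk, so it is worth confirming that the session token comes from a CSPRNG of at least the old `CSRF_TOKEN_LENGTH` and that the `hashlib`/`os` imports are still needed.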