WIP: add csrf token to every request

author: Roald de Vries <rdevries@thoughtworks.com> 2016-12-01 10:36:29 +0100
committer: Roald de Vries <rdevries@thoughtworks.com> 2016-12-01 10:36:39 +0100
commit: 770b439c8495c3a0b16550c2f04740f31646d66b (patch)
tree: 46ed7570ed1b742aca55c22f3efa5532a861cbee /service/pixelated/resources/__init__.py
parent: 13378255c02b97184132881599ed47826963f54a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 97346a6f..023758de 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -66,7 +66,7 @@ class BaseResource(Resource):
         self._services_factory = services_factory
 
     def _add_csrf_cookie(self, request):
-        csrf_token = hashlib.sha256(os.urandom(CSRF_TOKEN_LENGTH)).hexdigest()
+        csrf_token = IPixelatedSession(request.getSession()).get_csrf_token()
         request.addCookie('XSRF-TOKEN', csrf_token)
         log.debug('XSRF-TOKEN added: %s' % csrf_token)
author	Roald de Vries <rdevries@thoughtworks.com>	2016-12-01 10:36:29 +0100
committer	Roald de Vries <rdevries@thoughtworks.com>	2016-12-01 10:36:39 +0100
commit	770b439c8495c3a0b16550c2f04740f31646d66b (patch)
tree	46ed7570ed1b742aca55c22f3efa5532a861cbee /service/pixelated/resources/__init__.py
parent	13378255c02b97184132881599ed47826963f54a (diff)