diff options
author | Roald de Vries <rdevries@thoughtworks.com> | 2016-11-30 16:11:27 +0100 |
---|---|---|
committer | Roald de Vries <rdevries@thoughtworks.com> | 2016-11-30 16:11:27 +0100 |
commit | 13378255c02b97184132881599ed47826963f54a (patch) | |
tree | 01a47f844f581a12dae9d022be19d4010433633e /service/pixelated/resources/login_resource.py | |
parent | a493da72d53fe90d679d7fa1980dd185415d9be3 (diff) |
add csrf token to login form
Diffstat (limited to 'service/pixelated/resources/login_resource.py')
-rw-r--r-- | service/pixelated/resources/login_resource.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/service/pixelated/resources/login_resource.py b/service/pixelated/resources/login_resource.py index fec4307e..7d61ddce 100644 --- a/service/pixelated/resources/login_resource.py +++ b/service/pixelated/resources/login_resource.py @@ -108,6 +108,11 @@ class LoginWebSite(Element): return tag('') @renderer + def csrftoken(self, request, tag): + tag.fillSlots(csrftoken=IPixelatedSession(request.getSession()).get_csrf_token()) + return tag + + @renderer def disclaimer(self, request, tag): return DisclaimerElement(self.disclaimer_banner_file).render(request) @@ -140,6 +145,7 @@ class LoginResource(BaseResource): return NoResource() def render_GET(self, request): + request.getSession() request.setResponseCode(OK) return self._render_template(request) |