From 770b439c8495c3a0b16550c2f04740f31646d66b Mon Sep 17 00:00:00 2001
From: Roald de Vries <rdevries@thoughtworks.com>
Date: Thu, 1 Dec 2016 10:36:29 +0100
Subject: WIP: add csrf token to every request

---
 service/pixelated/resources/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'service/pixelated/resources/__init__.py')

diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 97346a6f..023758de 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -66,7 +66,7 @@ class BaseResource(Resource):
         self._services_factory = services_factory
 
     def _add_csrf_cookie(self, request):
-        csrf_token = hashlib.sha256(os.urandom(CSRF_TOKEN_LENGTH)).hexdigest()
+        csrf_token = IPixelatedSession(request.getSession()).get_csrf_token()
         request.addCookie('XSRF-TOKEN', csrf_token)
         log.debug('XSRF-TOKEN added: %s' % csrf_token)
 
-- 
cgit v1.2.3