imbolc avatar imbolc committed 0970d3f

added csrf_token template var


Files changed (2)

pysi/middlewares.py

 import base64
 import uuid
 
+try:
+    from jinja2 import Markup
+except ImportError:
+    Makrup = None
+
 from pysi import cfg
 from util import anticache_headers
 from wsgi import get_error_page
     CSRF_TOKEN_COOKIE_NAME = 'csrf',
     CSRF_TOKEN_POST_NAME = 'csrf',
     CSRF_TOKEN_TEMPLATE_NAME = 'csrf',
+    CSRF_TOKEN_TEMPLATE_INPUT_NAME = 'csrf_token',
     CSRF_EXEMPT_PREFIXES = (),
 )
 
                     if token is not None:
                         res.delete_cookie(cfg.CSRF_TOKEN_COOKIE_NAME)
                     raise res
-        rq.context[cfg.CSRF_TOKEN_TEMPLATE_NAME] = token or uuid.uuid4().hex
+        token = token or uuid.uuid4().hex
+        rq.context[cfg.CSRF_TOKEN_TEMPLATE_NAME] = token
+        if Markup:
+            rq.context[cfg.CSRF_TOKEN_TEMPLATE_INPUT_NAME] = Markup(
+                '<div style="display:none">' +
+                '<input type="hidden" name="%s" value="%s" /></div>' %
+                    (cfg.CSRF_TOKEN_TEMPLATE_NAME, token))
 
     def process_response(self, rq, res):
         if cfg.CSRF_TOKEN_COOKIE_NAME not in rq.COOKIES:
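Review bot: The `except ImportError:` branch in the import hunk assigns `Makrup = None`, so without jinja2 the name `Markup` is never bound and the later `if Markup:` raises NameError instead of skipping the block; it should read `Markup = None`. In the hunk that builds the hidden input, the `%` formatting runs before `Markup(...)` wraps the result, so `token` is marked safe without being escaped; where `token` comes from is outside the hunk, but if it can be a cookie value it should be escaped, e.g. `Markup('<div style="display:none"><input type="hidden" name="%s" value="%s" /></div>') % (cfg.CSRF_TOKEN_POST_NAME, token)`, since `Markup.__mod__` escapes its arguments. That form also names the field after `CSRF_TOKEN_POST_NAME`, which is presumably the key the check reads from the submitted form, rather than `CSRF_TOKEN_TEMPLATE_NAME`; the two only coincide by default. The enclosing method starts above the hunk.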
 import os
 from setuptools import setup
 
-VERSION = '0.10.0'
+VERSION = '0.10.1'
 PACKAGE = 'pysi'
 
 if __name__ == '__main__':