diff options
| author | Nathan Yergler <nathan@yergler.net> | 2011-10-01 14:24:49 -0700 |
|---|---|---|
| committer | Nathan Yergler <nathan@yergler.net> | 2011-10-01 14:24:49 -0700 |
| commit | 9202e5a1e15183b134fa15c4e1290dea8ed2acbe (patch) | |
| tree | 68419bb611e8ff2c7c11c1296461db62611bc845 | |
| parent | 4f475d3024f689c1c461dc26bd679dfb514a46ef (diff) | |
| download | mediagoblin-9202e5a1e15183b134fa15c4e1290dea8ed2acbe.tar.lz mediagoblin-9202e5a1e15183b134fa15c4e1290dea8ed2acbe.tar.xz mediagoblin-9202e5a1e15183b134fa15c4e1290dea8ed2acbe.zip | |
#361: Removing additional secret key, per CW's request.
| -rw-r--r-- | mediagoblin/config_spec.ini | 1 | ||||
| -rw-r--r-- | mediagoblin/middleware/csrf.py | 2 |
2 files changed, 1 insertions, 2 deletions
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index 37fe7130..298a6951 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False) allow_attachments = boolean(default=False) # Cookie stuff -secret_key = string(default="Something Super Duper Secrit!") csrf_cookie_name = string(default='mediagoblin_nonce') [storage:publicstore] diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py index d41bcd87..44b799d5 100644 --- a/mediagoblin/middleware/csrf.py +++ b/mediagoblin/middleware/csrf.py @@ -106,7 +106,7 @@ class CsrfMiddleware(object): return hashlib.md5("%s%s" % (randrange(0, self.MAX_CSRF_KEY), - mg_globals.app_config['secret_key'])).hexdigest() + randrange(0, self.MAX_CSRF_KEY))).hexdigest() def verify_tokens(self, request): """Verify that the CSRF Cookie exists and that it matches the |