Bug #685: only provide CSRF token if it exists

This was suggested by Nathan Yergler in the bug logs. Just implementing it. - Let render_csrf_form_token return None, if the CSRF_TOKEN is not available in the environ, because the process_request part of the meddleware has not yet run. - In render_template: If the returned value from above is None, then do not add the csrf_token to the templates context.
author: Elrond <elrond+mediagoblin.org@samba-tng.org> 2011-12-03 21:20:11 +0100
committer: Elrond <elrond+mediagoblin.org@samba-tng.org> 2011-12-03 21:25:55 +0100
commit: 71c6c432a5fe8fe0f96dac284562a8e1b981d669 (patch)
tree: 72fefb5d171bfe0211371027ffc94e175b907162 /mediagoblin/meddleware
parent: 968dd9e735eeeee9da0d1c10735e9bba2817e7c0 (diff)
download: mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.tar.lz
mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.tar.xz
mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/mediagoblin/meddleware/csrf.py b/mediagoblin/meddleware/csrf.py
index 16541bee..a4e4e5c6 100644
--- a/mediagoblin/meddleware/csrf.py
+++ b/mediagoblin/meddleware/csrf.py
@@ -50,6 +50,9 @@ def render_csrf_form_token(request):
     """Render the CSRF token in a format suitable for inclusion in a
     form."""
 
+    if 'CSRF_TOKEN' not in request.environ:
+        return None
+
     form = CsrfForm(csrf_token=request.environ['CSRF_TOKEN'])
 
     return form.csrf_token
author	Elrond <elrond+mediagoblin.org@samba-tng.org>	2011-12-03 21:20:11 +0100
committer	Elrond <elrond+mediagoblin.org@samba-tng.org>	2011-12-03 21:25:55 +0100
commit	71c6c432a5fe8fe0f96dac284562a8e1b981d669 (patch)
tree	72fefb5d171bfe0211371027ffc94e175b907162 /mediagoblin/meddleware
parent	968dd9e735eeeee9da0d1c10735e9bba2817e7c0 (diff)
download	mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.tar.lz mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.tar.xz mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.zip