diff options
| author | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2011-12-03 21:20:11 +0100 |
|---|---|---|
| committer | Elrond <elrond+mediagoblin.org@samba-tng.org> | 2011-12-03 21:25:55 +0100 |
| commit | 71c6c432a5fe8fe0f96dac284562a8e1b981d669 (patch) | |
| tree | 72fefb5d171bfe0211371027ffc94e175b907162 /mediagoblin/tools/template.py | |
| parent | 968dd9e735eeeee9da0d1c10735e9bba2817e7c0 (diff) | |
| download | mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.tar.lz mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.tar.xz mediagoblin-71c6c432a5fe8fe0f96dac284562a8e1b981d669.zip | |
Bug #685: only provide CSRF token if it exists
This was suggested by Nathan Yergler in the bug logs.
Just implementing it.
- Let render_csrf_form_token return None, if the CSRF_TOKEN
is not available in the environ, because the
process_request part of the meddleware has not yet run.
- In render_template: If the returned value from above is
None, then do not add the csrf_token to the templates
context.
Diffstat (limited to 'mediagoblin/tools/template.py')
| -rw-r--r-- | mediagoblin/tools/template.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/mediagoblin/tools/template.py b/mediagoblin/tools/template.py index f48b7c2e..d0400347 100644 --- a/mediagoblin/tools/template.py +++ b/mediagoblin/tools/template.py @@ -79,7 +79,9 @@ def render_template(request, template_path, context): template = request.template_env.get_template( template_path) context['request'] = request - context['csrf_token'] = render_csrf_form_token(request) + rendered_csrf_token = render_csrf_form_token(request) + if rendered_csrf_token is not None: + context['csrf_token'] = render_csrf_form_token(request) rendered = template.render(context) if common.TESTS_ENABLED: |