-rw-r--r-- | mediagoblin/config_spec.ini | 1 | ||||
-rw-r--r-- | mediagoblin/middleware/csrf.py | 2 |
2 files changed, 1 insertions, 2 deletions
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index 37fe7130..298a6951 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False) allow_attachments = boolean(default=False) # Cookie stuff -secret_key = string(default="Something Super Duper Secrit!") csrf_cookie_name = string(default='mediagoblin_nonce') [storage:publicstore] diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py index d41bcd87..44b799d5 100644 --- a/mediagoblin/middleware/csrf.py +++ b/mediagoblin/middleware/csrf.py @@ -106,7 +106,7 @@ class CsrfMiddleware(object): return hashlib.md5("%s%s" % (randrange(0, self.MAX_CSRF_KEY), - mg_globals.app_config['secret_key'])).hexdigest() + randrange(0, self.MAX_CSRF_KEY))).hexdigest() def verify_tokens(self, request): """Verify that the CSRF Cookie exists and that it matches the |
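Review bot: In the csrf.py hunk the token is now derived only from two `randrange` draws, so nothing else makes the CSRF token unpredictable once the secret is removed. The import is outside the hunk, but if `randrange` comes from the standard `random` module, those draws come from Mersenne Twister, which is not a cryptographically secure generator. Take both operands from the OS entropy source, e.g. `random.SystemRandom().randrange(0, self.MAX_CSRF_KEY)`, or drop the MD5 step and return `binascii.hexlify(os.urandom(16))` directly. The enclosing method and the definition of `MAX_CSRF_KEY` start above the hunk, so it is worth confirming that the range is large enough that the token space cannot be enumerated.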