From 71c6c432a5fe8fe0f96dac284562a8e1b981d669 Mon Sep 17 00:00:00 2001 From: Elrond Date: Sat, 3 Dec 2011 21:20:11 +0100 Subject: Bug #685: only provide CSRF token if it exists This was suggested by Nathan Yergler in the bug logs. Just implementing it. - Let render_csrf_form_token return None, if the CSRF_TOKEN is not available in the environ, because the process_request part of the meddleware has not yet run. - In render_template: If the returned value from above is None, then do not add the csrf_token to the templates context. --- mediagoblin/tools/template.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'mediagoblin/tools/template.py') diff --git a/mediagoblin/tools/template.py b/mediagoblin/tools/template.py index f48b7c2e..d0400347 100644 --- a/mediagoblin/tools/template.py +++ b/mediagoblin/tools/template.py @@ -79,7 +79,9 @@ def render_template(request, template_path, context): template = request.template_env.get_template( template_path) context['request'] = request - context['csrf_token'] = render_csrf_form_token(request) + rendered_csrf_token = render_csrf_form_token(request) + if rendered_csrf_token is not None: + context['csrf_token'] = render_csrf_form_token(request) rendered = template.render(context) if common.TESTS_ENABLED: -- cgit v1.2.3