Switch the CSRF token to logging only to test for a little while in prod.
parent
d38c3e8efe
commit
05febb1a0c
1 changed files with 8 additions and 1 deletions
|
@ -37,6 +37,7 @@ route_data = None
|
|||
|
||||
api = Blueprint('api', __name__)
|
||||
|
||||
|
||||
@api.before_request
|
||||
def csrf_protect():
|
||||
if request.method != "GET" and request.method != "HEAD":
|
||||
|
@ -45,7 +46,13 @@ def csrf_protect():
|
|||
|
||||
# TODO: add if not token here, once we are sure all sessions have a token.
|
||||
if token != found_token:
|
||||
abort(403)
|
||||
msg = 'CSRF Failure. Session token was %s and request token was %s'
|
||||
logger.error(msg, token, found_token)
|
||||
|
||||
if not token:
|
||||
req_user = current_user.db_user().username if current_user else None
|
||||
logger.warning('No CSRF token in session for current user: %s' %
|
||||
req_user)
|
||||
|
||||
|
||||
def get_route_data():
|
||||
|
|
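Review bot: The new `logger.error(msg, token, found_token)` call in the second hunk writes the session's CSRF token and the submitted token verbatim to the error log, so anyone who can read the logs sees live session tokens. Log only whether each token is present, for example `logger.error('CSRF failure: session token present=%s, request token present=%s', bool(token), bool(found_token))`. The `+`/`-` markers are lost on this page, but `abort(403)` appears to be the single removed line, so the check no longer blocks anything while this is deployed; a `# TODO: restore abort(403) once logging confirms all sessions carry a token` comment next to the existing TODO would keep that visible. The `logger.warning` call formats with `%` eagerly, unlike the `logger.error` call above it; `logger.warning('No CSRF token in session for current user: %s', req_user)` matches it. The lines of `csrf_protect` that assign `token` and `found_token` fall between the two hunks and are not shown.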