Switch the CSRF token to logging only to test for a little while in prod.
This commit is contained in:
parent
d38c3e8efe
commit
05febb1a0c
1 changed files with 8 additions and 1 deletions
|
@ -37,6 +37,7 @@ route_data = None
|
|
|
api = Blueprint('api', __name__)
|
api = Blueprint('api', __name__)
|
|
|
|
|
@api.before_request
|
@api.before_request
|
def csrf_protect():
|
def csrf_protect():
|
if request.method != "GET" and request.method != "HEAD":
|
if request.method != "GET" and request.method != "HEAD":
|
|
@ -45,7 +46,13 @@ def csrf_protect():
|
|
|
# TODO: add if not token here, once we are sure all sessions have a token.
|
# TODO: add if not token here, once we are sure all sessions have a token.
|
if token != found_token:
|
if token != found_token:
|
abort(403)
|
msg = 'CSRF Failure. Session token was %s and request token was %s'
|
|
logger.error(msg, token, found_token)
|
|
|
|
if not token:
|
|
req_user = current_user.db_user().username if current_user else None
|
|
logger.warning('No CSRF token in session for current user: %s' %
|
|
req_user)
|
|
|
|
|
def get_route_data():
|
def get_route_data():
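Review bot: The new `logger.error(msg, token, found_token)` writes the live session CSRF token and the request-supplied token verbatim into the log, so anyone who can read the logs now learns a per-session secret; log only the fact of the mismatch, e.g. `logger.error('CSRF mismatch: request token %s', 'missing' if not found_token else 'present')`. With `abort(403)` removed the handler enforces nothing for the trial period, so if this is meant to be temporary it should sit behind an explicit config flag with a comment such as `# TEMPORARY: log-only CSRF check; restore abort(403) after the trial` so it cannot silently ship as permanent. The `if current_user else None` guard may not do what it intends if `current_user` is a proxy to an anonymous-user object, which is usually truthy, in which case `db_user()` would still be called for anonymous requests — worth confirming against the login setup. The `logger.warning('...' % req_user)` call formats eagerly; pass `req_user` as a lazy argument to match the `logger.error` call just above. csrf_protect starts outside this hunk.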
|