diff --git a/endpoints/common.py b/endpoints/common.py
index 25e25abf3..49793244a 100644
--- a/endpoints/common.py
+++ b/endpoints/common.py
@@ -2,7 +2,7 @@ import logging
 import os
 import base64
-from flask import request, make_response, jsonify, abort, url_for, session
+from flask import request, abort, session
 from flask.ext.login import login_user, UserMixin
 from flask.ext.principal import identity_changed
@@ -55,7 +55,7 @@ def common_login(db_user):
 def csrf_protect():
 if request.method != "GET" and request.method != "HEAD":
 token = session.get('_csrf_token', None)
-found_token = request.args.get('_csrf_token', request.form.get('_csrf_token', None))
+found_token = request.values.get('_csrf_token', None)
 # TODO: add if not token here, once we are sure all sessions have a token.
 if token != found_token:
@@ -63,8 +63,9 @@ def csrf_protect():
 def generate_csrf_token():
-if '_csrf_token' not in session:
-session['_csrf_token'] = base64.b64encode(os.urandom(48))
-return session['_csrf_token']
+if '_csrf_token' not in session:
+session['_csrf_token'] = base64.b64encode(os.urandom(48))
+
+return session['_csrf_token']
 app.jinja_env.globals['csrf_token'] = generate_csrf_token
diff --git a/endpoints/web.py b/endpoints/web.py
index 63c68a8b7..62c798cb2 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -20,7 +20,7 @@ logger = logging.getLogger(__name__)
 def render_page_template(name):
-resp = make_response(render_template(name, route_data = get_route_data()))
+resp = make_response(render_template(name, route_data=get_route_data()))
 resp.headers['X-FRAME-OPTIONS'] = 'DENY'
 return resp
diff --git a/static/js/app.js b/static/js/app.js
index ee5136b99..cf9d76f6e 100644
--- a/static/js/app.js
+++ b/static/js/app.js
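Review bot: In the csrf_protect hunk the comparison on the last context line, `if token != found_token:`, still passes when both sides are None, so a non-GET request that carries no `_csrf_token` against a session that never received one is accepted; the TODO above acknowledges this, and the switch to `request.values` leaves the gap open. `request.values` also still reads the token from the query string, not only the form body, so tokens can end up in URLs, referrers and access logs — once every session is guaranteed a token, consider restricting the lookup to `request.form`. A constant-time comparison would close the remaining timing channel: `if not token or not found_token or not hmac.compare_digest(token, found_token):` (stdlib `hmac`, needs an import; both values must be the same str/bytes type). csrf_protect's body continues outside the hunk.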
@@ -724,7 +724,7 @@ quayApp = angular.module('quay', ['ngRoute', 'chieffancypants.loadingBar', 'rest
 otherwise({redirectTo: '/'});
 }]).
 config(function(RestangularProvider) {
-RestangularProvider.setBaseUrl('/api/');
+RestangularProvider.setBaseUrl('/api/');
 });