Style fixes

2013-12-28 19:56:23 -05:00 · 2013-12-28 19:56:23 -05:00 · b598c7ec85
commit b598c7ec85
parent 21ac1c9210
3 changed files with 8 additions and 7 deletions
--- a/endpoints/common.py
+++ b/endpoints/common.py
@ -2,7 +2,7 @@ import logging
 import os
 import base64

-from flask import request, make_response, jsonify, abort, url_for, session
+from flask import request, abort, session
 from flask.ext.login import login_user, UserMixin
 from flask.ext.principal import identity_changed

@ -55,7 +55,7 @@ def common_login(db_user):
 def csrf_protect():
  if request.method != "GET" and request.method != "HEAD":
    token = session.get('_csrf_token', None)
-    found_token = request.args.get('_csrf_token', request.form.get('_csrf_token', None))
+    found_token = request.values.get('_csrf_token', None)

    # TODO: add if not token here, once we are sure all sessions have a token.
    if token != found_token:
@ -65,6 +65,7 @@ def csrf_protect():
 def generate_csrf_token():
  if '_csrf_token' not in session:
    session['_csrf_token'] = base64.b64encode(os.urandom(48))
+
  return session['_csrf_token']

 app.jinja_env.globals['csrf_token'] = generate_csrf_token