1
0
mirror of https://github.com/django/django.git synced 2024-12-31 21:46:05 +00:00

Refs #32800 -- Renamed _set_token() to _set_csrf_cookie().

This commit is contained in:
Chris Jerdonek 2021-08-03 01:59:49 -04:00 committed by Carlton Gibson
parent 26d8e3f302
commit f10553ec93

View File

@ -229,7 +229,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
request.META['CSRF_COOKIE_NEEDS_UPDATE'] = True
return csrf_token
def _set_token(self, request, response):
def _set_csrf_cookie(self, request, response):
if settings.CSRF_USE_SESSIONS:
if request.session.get(CSRF_SESSION_KEY) != request.META['CSRF_COOKIE']:
request.session[CSRF_SESSION_KEY] = request.META['CSRF_COOKIE']
@ -441,14 +441,14 @@ class CsrfViewMiddleware(MiddlewareMixin):
def process_response(self, request, response):
if request.META.get('CSRF_COOKIE_NEEDS_UPDATE'):
self._set_token(request, response)
# Unset the flag to prevent _set_token() from being unnecessarily
# called again in process_response() by other instances of
# CsrfViewMiddleware. This can happen e.g. when both a decorator and
# middleware are used. However, CSRF_COOKIE_NEEDS_UPDATE is still
# respected in subsequent calls e.g. in case rotate_token() is
# called in process_response() later by custom middleware but before
# those subsequent calls.
self._set_csrf_cookie(request, response)
# Unset the flag to prevent _set_csrf_cookie() from being
# unnecessarily called again in process_response() by other
# instances of CsrfViewMiddleware. This can happen e.g. when both a
# decorator and middleware are used. However,
# CSRF_COOKIE_NEEDS_UPDATE is still respected in subsequent calls
# e.g. in case rotate_token() is called in process_response() later
# by custom middleware but before those subsequent calls.
request.META['CSRF_COOKIE_NEEDS_UPDATE'] = False
return response