Return the CSRF token required for a POST form. The token is an alphanumeric value. A new token is created if one is not already set. A side effect of calling this function is to make the csrf_protect decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' h
(request)
| 94 | |
| 95 | |
| 96 | def get_token(request): |
| 97 | """ |
| 98 | Return the CSRF token required for a POST form. The token is an |
| 99 | alphanumeric value. A new token is created if one is not already set. |
| 100 | |
| 101 | A side effect of calling this function is to make the csrf_protect |
| 102 | decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie' |
| 103 | header to the outgoing response. For this reason, you may need to use this |
| 104 | function lazily, as is done by the csrf context processor. |
| 105 | """ |
| 106 | if "CSRF_COOKIE" in request.META: |
| 107 | csrf_secret = request.META["CSRF_COOKIE"] |
| 108 | # Since the cookie is being used, flag to send the cookie in |
| 109 | # process_response() (even if the client already has it) in order to |
| 110 | # renew the expiry timer. |
| 111 | request.META["CSRF_COOKIE_NEEDS_UPDATE"] = True |
| 112 | else: |
| 113 | csrf_secret = _add_new_csrf_cookie(request) |
| 114 | return _mask_cipher_secret(csrf_secret) |
| 115 | |
| 116 | |
| 117 | def rotate_token(request): |