(self, reason, token_source)
| 340 | raise RejectRequest(REASON_BAD_REFERER % referer.geturl()) |
| 341 | |
| 342 | def _bad_token_message(self, reason, token_source): |
| 343 | if token_source != "POST": |
| 344 | # Assume it is a settings.CSRF_HEADER_NAME value. |
| 345 | header_name = HttpHeaders.parse_header_name(token_source) |
| 346 | token_source = f"the {header_name!r} HTTP header" |
| 347 | return f"CSRF token from {token_source} {reason}." |
| 348 | |
| 349 | def _check_token(self, request): |
| 350 | # Access csrf_secret via self._get_secret() as rotate_token() may have |
no test coverage detected