(self, request, response)
| 251 | return csrf_secret |
| 252 | |
| 253 | def _set_csrf_cookie(self, request, response): |
| 254 | if settings.CSRF_USE_SESSIONS: |
| 255 | if request.session.get(CSRF_SESSION_KEY) != request.META["CSRF_COOKIE"]: |
| 256 | request.session[CSRF_SESSION_KEY] = request.META["CSRF_COOKIE"] |
| 257 | else: |
| 258 | response.set_cookie( |
| 259 | settings.CSRF_COOKIE_NAME, |
| 260 | request.META["CSRF_COOKIE"], |
| 261 | max_age=settings.CSRF_COOKIE_AGE, |
| 262 | domain=settings.CSRF_COOKIE_DOMAIN, |
| 263 | path=settings.CSRF_COOKIE_PATH, |
| 264 | secure=settings.CSRF_COOKIE_SECURE, |
| 265 | httponly=settings.CSRF_COOKIE_HTTPONLY, |
| 266 | samesite=settings.CSRF_COOKIE_SAMESITE, |
| 267 | ) |
| 268 | # Set the Vary header since content varies with the CSRF cookie. |
| 269 | patch_vary_headers(response, ("Cookie",)) |
| 270 | |
| 271 | def _origin_verified(self, request): |
| 272 | request_origin = request.META["HTTP_ORIGIN"] |
no test coverage detected