From b97ae0fd7da45c32897a4cb8437c04ddf04fdc95 Mon Sep 17 00:00:00 2001 From: Nathan Yergler Date: Sun, 13 Nov 2011 11:41:43 -0800 Subject: [PATCH 1/3] Issue 653: Don't throw exception if response has no vary header. --- mediagoblin/middleware/csrf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py index 7a5e352e..6c977f21 100644 --- a/mediagoblin/middleware/csrf.py +++ b/mediagoblin/middleware/csrf.py @@ -98,7 +98,7 @@ class CsrfMiddleware(object): httponly=True) # update the Vary header - response.vary = (response.vary or []) + ['Cookie'] + response.vary = getattr(response, 'vary', []) + ['Cookie'] def _make_token(self, request): """Generate a new token to use for CSRF protection.""" From ad3f1233df672688c09ab923d8bb216a351db8cb Mon Sep 17 00:00:00 2001 From: Nathan Yergler Date: Sun, 13 Nov 2011 11:59:24 -0800 Subject: [PATCH 2/3] Issue 653: Handle the case where request.vary is None --- mediagoblin/middleware/csrf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py index 6c977f21..d0601af8 100644 --- a/mediagoblin/middleware/csrf.py +++ b/mediagoblin/middleware/csrf.py @@ -98,7 +98,7 @@ class CsrfMiddleware(object): httponly=True) # update the Vary header - response.vary = getattr(response, 'vary', []) + ['Cookie'] + response.vary = (getattr(response, 'vary') or []) + ['Cookie'] def _make_token(self, request): """Generate a new token to use for CSRF protection.""" From d9ed3aeb402fc66de2a79d145b5a443c9e660c18 Mon Sep 17 00:00:00 2001 From: Nathan Yergler Date: Sun, 13 Nov 2011 12:07:09 -0800 Subject: [PATCH 3/3] Issue 653: This time for sure! --- mediagoblin/middleware/csrf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py index d0601af8..8275c18e 100644 --- a/mediagoblin/middleware/csrf.py +++ b/mediagoblin/middleware/csrf.py @@ -98,7 +98,7 @@ class CsrfMiddleware(object): httponly=True) # update the Vary header - response.vary = (getattr(response, 'vary') or []) + ['Cookie'] + response.vary = (getattr(response, 'vary', None) or []) + ['Cookie'] def _make_token(self, request): """Generate a new token to use for CSRF protection."""