heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#361: Removing additional secret key, per CW's request.

Browse Source
This commit is contained in:
Nathan Yergler 2011-10-01 14:24:49 -07:00
parent 4f475d3024
commit 9202e5a1e1
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mediagoblin/config_spec.ini
View File

@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False)
allow_attachments = boolean(default=False) allow_attachments = boolean(default=False)
# Cookie stuff # Cookie stuff
secret_key = string(default="Something Super Duper Secrit!")
csrf_cookie_name = string(default='mediagoblin_nonce') csrf_cookie_name = string(default='mediagoblin_nonce')
[storage:publicstore] [storage:publicstore]

2
mediagoblin/middleware/csrf.py
View File

@ -106,7 +106,7 @@ class CsrfMiddleware(object):
return hashlib.md5("%s%s" % return hashlib.md5("%s%s" %
(randrange(0, self.MAX_CSRF_KEY), (randrange(0, self.MAX_CSRF_KEY),
mg_globals.app_config['secret_key'])).hexdigest() randrange(0, self.MAX_CSRF_KEY))).hexdigest()
def verify_tokens(self, request): def verify_tokens(self, request):
"""Verify that the CSRF Cookie exists and that it matches the """Verify that the CSRF Cookie exists and that it matches the