#361: Removing additional secret key, per CW's request.

2011-10-01 14:24:49 -07:00 · 2011-10-01 14:24:49 -07:00 · 9202e5a1e1
commit 9202e5a1e1
parent 4f475d3024
2 changed files with 1 additions and 2 deletions
--- a/mediagoblin/config_spec.ini
+++ b/mediagoblin/config_spec.ini
@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False)
 allow_attachments = boolean(default=False)

 # Cookie stuff
-secret_key = string(default="Something Super Duper Secrit!")
 csrf_cookie_name = string(default='mediagoblin_nonce')

 [storage:publicstore]
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@ -106,7 +106,7 @@ class CsrfMiddleware(object):

        return hashlib.md5("%s%s" %
                           (randrange(0, self.MAX_CSRF_KEY),
-                            mg_globals.app_config['secret_key'])).hexdigest()
+                            randrange(0, self.MAX_CSRF_KEY))).hexdigest()

    def verify_tokens(self, request):
        """Verify that the CSRF Cookie exists and that it matches the