-rw-r--r--pyramid/session.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index a95c3f258..c4cfc1949 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -125,8 +125,8 @@ def check_csrf_token(request,
.. versionadded:: 1.4a2
"""
- supplied_token = request.params.get(token, request.headers.get(header))
- if supplied_token != request.session.get_csrf_token():
+ supplied_token = request.params.get(token, request.headers.get(header, ""))
+ if strings_differ(request.session.get_csrf_token(), supplied_token):
if raises:
raise BadCSRFToken('check_csrf_token(): Invalid token')
return False
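Review bot: The new `strings_differ(...)` call compares the session token and the request-supplied token without normalising their types, so the check depends on both sides being the same kind of string. The `""` default only covers a missing header; if a session implementation hands back bytes (or `None`) while `request.params` yields text, the comparison would presumably either always report a difference or raise instead of returning `False`. Consider coercing both sides first, e.g. `if strings_differ(bytes_(request.session.get_csrf_token()), bytes_(supplied_token)):`, assuming `bytes_` from `pyramid.compat` is in scope in this module. A short comment such as `# constant-time compare so response timing does not leak how much of the token matched` would also record why `!=` was replaced. The body of `check_csrf_token` starts above this hunk, and the hunk adds no import for `strings_differ`, so both the helper's availability and its behaviour are assumed from outside the visible lines.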