diff options
| -rw-r--r-- | pyramid/session.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/pyramid/session.py b/pyramid/session.py index b3be68705..a4cdf910d 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -126,7 +126,8 @@ def check_csrf_token(request, .. versionadded:: 1.4a2 """ supplied_token = request.params.get(token, request.headers.get(header, "")) - if strings_differ(request.session.get_csrf_token(), supplied_token): + expected_token = request.session.get_csrf_token() + if strings_differ(bytes_(expected_token), bytes_(supplied_token)): if raises: raise BadCSRFToken('check_csrf_token(): Invalid token') return False |