Skip to content
This repository has been archived by the owner on Apr 30, 2024. It is now read-only.

Move imports inside of csrf_check #189

Merged
merged 2 commits into from
Jul 6, 2022
Merged

Move imports inside of csrf_check #189

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c8fd005
Move imports inside of csrf_check
patkujawa-wf Jul 5, 2022
9469575
Bump version
patkujawa-wf Jul 5, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions furious/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,19 @@
# limitations under the License.
#

import logging

import webapp2


def csrf_check(request):
"""
Throws an HTTP 403 error if a CSRF attack is detected, same logic as the deferred module.

https://cloud.google.com/appengine/docs/standard/python/refdocs/modules/google/appengine/ext/deferred/deferred
"""
import logging
import webapp2

in_prod = (
not request.environ.get("SERVER_SOFTWARE").startswith("Devel"))
if in_prod and request.environ.get("REMOTE_ADDR") != "0.1.0.2":
logging.error("Detected an attempted CSRF attack from {}. This request did "
"not originate from Task Queue.".format(request.environ.get("REMOTE_ADDR")))
webapp2.abort(403)
webapp2.abort(403)
2 changes: 1 addition & 1 deletion furious/_pkg_meta.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
version_info = (1, 6, 4)
version_info = (1, 6, 5)
version = '.'.join(map(str, version_info))