[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [ooni-probe/master] ui/web/server.py: pass binary, not unicode cookies



commit 21548e9f0f53100336ef4f22d423f5f728a117e5
Author: Simone Basso <bassosimone@xxxxxxxxx>
Date:   Mon Sep 19 11:04:53 2016 +0200

    ui/web/server.py: pass binary, not unicode cookies
    
    It seems that Twisted has added a function enforcing binary
    data (not unicode, or str) when sending to the network.
    
    Thus, make sure that we pass cookies as binary (more specifically
    ascii encoded data) to avoid a Twisted error.
---
 ooni/ui/web/server.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ooni/ui/web/server.py b/ooni/ui/web/server.py
index eec82d3..385bf18 100644
--- a/ooni/ui/web/server.py
+++ b/ooni/ui/web/server.py
@@ -56,13 +56,13 @@ def xsrf_protect(check=True):
         @wraps(f)
         def wrapper(instance, request, *a, **kw):
             should_check = check and instance._enable_xsrf_protection
-            token_cookie = request.getCookie(u'XSRF-TOKEN')
+            token_cookie = request.getCookie(b'XSRF-TOKEN')
             token_header = request.getHeader(b"X-XSRF-TOKEN")
             if (token_cookie != instance._xsrf_token and
                     instance._enable_xsrf_protection):
-                request.addCookie(u'XSRF-TOKEN',
+                request.addCookie(b'XSRF-TOKEN',
                                   instance._xsrf_token,
-                                  path=u'/')
+                                  path=b'/')
             if should_check and token_cookie != token_header:
                 raise WebUIError(404, "Invalid XSRF token")
             return f(instance, request, *a, **kw)
@@ -161,7 +161,7 @@ class WebUIAPI(object):
         # We use a double submit token to protect against XSRF
         rng = SystemRandom()
         token_space = string.letters+string.digits
-        self._xsrf_token = ''.join([rng.choice(token_space)
+        self._xsrf_token = b''.join([rng.choice(token_space)
                                     for _ in range(30)])
 
         self._director_started = False



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits