_V&@s3dZddlmZddlZddlZddlmZddlmZddl m Z ddl m Z m Z ddlmZdd lmZdd lmZejd Zd Zd ZdZdZdZdZdZddZddZddZddZ ddZ!Gddde"Z#dS)z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. )unicode_literalsN)settings) get_callable)patch_vary_headers)constant_time_compareget_random_string) force_text)is_same_domain)urlparsezdjango.requestz%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.z CSRF token missing or incorrect.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure. cCs ttjS)z9 Returns the view to be used for CSRF rejections )rrZCSRF_FAILURE_VIEWr r 8/tmp/pip-build-ghmbqnp_/Django/django/middleware/csrf.py_get_failure_view srcCs ttS)N)rCSRF_KEY_LENGTHr r r r _get_new_csrf_key'srcCs:d|jkr"t|jdsz2CsrfViewMiddleware.process_view..POSTZcsrfmiddlewaretoken)zGETzHEADzOPTIONSzTRACE)r0z80)"getattrrZCOOKIESrCSRF_COOKIE_NAMErKeyErrormethodr!Z is_securergetr(REASON_NO_REFERERr schemer2REASON_MALFORMED_REFERERREASON_INSECURE_REFERERCSRF_COOKIE_DOMAINget_hostZget_portlistZCSRF_TRUSTED_ORIGINSappendanyREASON_BAD_REFERERgeturlREASON_NO_CSRF_COOKIEr7IOErrorZCSRF_HEADER_NAMErREASON_BAD_TOKEN) r rcallback callback_argscallback_kwargsZ csrf_tokenZ good_refererZ server_portZ good_hostsr$Zrequest_csrf_tokenr )r5r process_viewlsb              zCsrfViewMiddleware.process_viewc Cst|ddr|S|jjdds/|S|jtj|jddtjdtjdtjdtj d tj t |d d |_ |S) NrFrrZmax_agedomainr'securehttponlyCookieT)zCookie) r8rr< set_cookierr9ZCSRF_COOKIE_AGErAZCSRF_COOKIE_PATHZCSRF_COOKIE_SECUREZCSRF_COOKIE_HTTPONLYrr)r rresponser r r process_responses         z#CsrfViewMiddleware.process_responseN)__name__ __module__ __qualname____doc__r!r(rNrUr r r r rQs   pr)$rY __future__rloggingrZ django.confrZdjango.core.urlresolversrZdjango.utils.cacherZdjango.utils.cryptorrZdjango.utils.encodingrZdjango.utils.httpr Z#django.utils.six.moves.urllib.parser getLoggerr%r=rFrHrJr?r@rrrrrrobjectrr r r r s0