From: Ben Darnell <ben@bendarnell.com>
Date: Fri, 2 Mar 2018 20:53:50 +0000 (-0500)
Subject: web: Document the type of xsrf_token
X-Git-Tag: v5.0.0~4^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce6222f7181fbcfdf507923cdca618371ce609e1;p=thirdparty%2Ftornado.git

web: Document the type of xsrf_token

Fixes #2279
---

diff --git a/tornado/web.py b/tornado/web.py
index eaab91eed..8abe4bc2a 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -1220,6 +1220,11 @@ class RequestHandler(object):
 
         See http://en.wikipedia.org/wiki/Cross-site_request_forgery
 
+        This property is of type `bytes`, but it contains only ASCII
+        characters. If a character string is required, there is no
+        need to base64-encode it; just decode the byte string as
+        UTF-8.
+
         .. versionchanged:: 3.2.2
            The xsrf token will now be have a random mask applied in every
            request, which makes it safe to include the token in pages