Handle bad xsrf tokens more gracefully

author Yusuf Simonson <simonson@gmail.com>

Wed, 7 Jan 2015 16:01:55 +0000 (11:01 -0500)

committer Yusuf Simonson <simonson@gmail.com>

Wed, 7 Jan 2015 16:01:55 +0000 (11:01 -0500)
author Yusuf Simonson <simonson@gmail.com>
Wed, 7 Jan 2015 16:01:55 +0000 (11:01 -0500)
committer Yusuf Simonson <simonson@gmail.com>
Wed, 7 Jan 2015 16:01:55 +0000 (11:01 -0500)
diff --git a/tornado/web.py b/tornado/web.py

index 2d1dac0fd23f7fdd11707d886596584ef350560e..7175184830ce696f067a9bcb71aa09333d70e905 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -1124,7 +1124,11 @@ class RequestHandler(object):
          if m:
              version = int(m.group(1))
              if version == 2:
-                _, mask, masked_token, timestamp = cookie.split("|")
+                try:
+                    _, mask, masked_token, timestamp = cookie.split("|")
+                except ValueError:
+                    return None, None, None
+
                  mask = binascii.a2b_hex(utf8(mask))
                  token = _websocket_mask(
                      mask, binascii.a2b_hex(utf8(masked_token)))
author	Yusuf Simonson <simonson@gmail.com>
	Wed, 7 Jan 2015 16:01:55 +0000 (11:01 -0500)
committer	Yusuf Simonson <simonson@gmail.com>
	Wed, 7 Jan 2015 16:01:55 +0000 (11:01 -0500)