]> git.ipfire.org Git - thirdparty/tornado.git/commitdiff
projects / thirdparty / tornado.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5fc06ca)
Ignore XSRF cookie check when X-Requested-With XMLHttpRequest header is present
authorBret Taylor <btaylor@btaylor-mac.local>
Sun, 6 Dec 2009 03:36:50 +0000 (19:36 -0800)
committerBret Taylor <btaylor@btaylor-mac.local>
Sun, 6 Dec 2009 03:36:50 +0000 (19:36 -0800)
tornado/web.py patch | blob | blame | history

diff --git a/tornado/web.py b/tornado/web.py
index 7b8dd7d0947a49ac30947e031a5193f578b18df2..86aa1f3405f11db6d567cdce5a471dd69408d61f 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -590,6 +590,8 @@ class RequestHandler(object):
 
         See http://en.wikipedia.org/wiki/Cross-site_request_forgery
         """
+        if self.request.headers.get("X-Requested-With") == "XMLHttpRequest":
+            return
         token = self.get_argument("_xsrf", None)
         if not token:
             raise HTTPError(403, "'_xsrf' argument missing from POST")
Mirror of https://github.com/tornadoweb/tornado.git