handle masked token

django-tastypie · Feb 28, 2023 · 5954e10 · 5954e10
1 parent 7683fcd
commit 5954e10
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/tastypie/compat.py b/tastypie/compat.py
@@ -47,9 +47,14 @@ def is_ajax(request):
 
 # django 4.0
 try:
-    from django.middleware.csrf import _does_token_match, InvalidTokenFormat
+    from django.middleware.csrf import _does_token_match, _unmask_cipher_token, CSRF_TOKEN_LENGTH, InvalidTokenFormat  # noqa
+
+    def compare_sanitized_tokens(request_csrf_token, csrf_token):
+        csrf_secret = csrf_token
+        if len(csrf_token) == CSRF_TOKEN_LENGTH:
+            csrf_secret = _unmask_cipher_token(csrf_token)
+        return _does_token_match(request_csrf_token, csrf_secret)
 
-    compare_sanitized_tokens = _does_token_match
 except ImportError:
     pass