From 5954e10f2a23410b0ea9ebf36e8935b9666dfd77 Mon Sep 17 00:00:00 2001
From: lijiahua
Date: Tue, 28 Feb 2023 10:10:20 +0800
Subject: [PATCH] handle masked token
---
 tastypie/compat.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tastypie/compat.py b/tastypie/compat.py
index 95e80ba27..7fb48cb26 100644
--- a/tastypie/compat.py
+++ b/tastypie/compat.py
@@ -47,9 +47,14 @@ def is_ajax(request):
 # django 4.0
 try:
- from django.middleware.csrf import _does_token_match, InvalidTokenFormat
+ from django.middleware.csrf import _does_token_match, _unmask_cipher_token, CSRF_TOKEN_LENGTH, InvalidTokenFormat # noqa
+
+ def compare_sanitized_tokens(request_csrf_token, csrf_token):
+ csrf_secret = csrf_token
+ if len(csrf_token) == CSRF_TOKEN_LENGTH:
+ csrf_secret = _unmask_cipher_token(csrf_token)
+ return _does_token_match(request_csrf_token, csrf_secret)
- compare_sanitized_tokens = _does_token_match
 except ImportError:
 pass
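Review bot: The new `compare_sanitized_tokens` tells a masked cookie value from a bare secret only by `len(csrf_token) == CSRF_TOKEN_LENGTH` and hands every other length to `_does_token_match` unchanged, so it is correct only if the caller has already format-checked the cookie value, and nothing in the added code states that precondition. The call site is outside this hunk, so I cannot confirm that check exists; a docstring such as `"""Compare a format-checked request token with the CSRF cookie value, which may be a masked token or a bare secret."""` would record the contract. If the helper should be safe on its own, fail closed with `elif len(csrf_token) != CSRF_SECRET_LENGTH: return False` (importing `CSRF_SECRET_LENGTH` alongside the other names) rather than relying on the private function's behaviour for unexpected lengths. Separately, the widened import now requires four Django-internal names under a single `except ImportError: pass`, so a release that drops any one of them silently skips this definition; a regression test that passes both a masked and an unmasked cookie value would catch that, and the patch touches only `compat.py`.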