Fixed some werkzeug warnings
azmeuk committed May 19, 2021
1 parent cecf7db commit 9bbdc58
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions flask_wtf/csrf.py
@@ -1,4 +1,5 @@
import hashlib
import hmac
import logging
import os
import warnings
Expand All @@ -8,7 +9,6 @@
from flask import Blueprint, current_app, g, request, session
from itsdangerous import BadData, SignatureExpired, URLSafeTimedSerializer
from werkzeug.exceptions import BadRequest
from werkzeug.security import safe_str_cmp
from wtforms import ValidationError
from wtforms.csrf.core import CSRF

Expand Down Expand Up @@ -103,7 +103,7 @@ def validate_csrf(data, secret_key=None, time_limit=None, token_key=None):
except BadData:
raise ValidationError('The CSRF token is invalid.')

if not safe_str_cmp(session[field_name], token):
if not hmac.compare_digest(session[field_name], token):
raise ValidationError('The CSRF tokens do not match.')
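Review bot: `hmac.compare_digest` is not a drop-in replacement for `safe_str_cmp` on the changed `if not ...` line. werkzeug's helper encoded `str` arguments to UTF-8 before comparing, whereas `compare_digest` raises `TypeError` for a non-ASCII `str` or for a `str`/`bytes` mix. `validate_csrf` starts and ends outside this hunk, so how `session[field_name]` and `token` are produced is not visible here. If both are always ASCII strings, the call is fine, but the invariant deserves a comment above it such as `# both values must be ASCII str: compare_digest raises TypeError on mixed or non-ASCII input`. If a session backend can hand back another type, the `TypeError` would escape as an unhandled error instead of the `ValidationError` callers handle, so consider catching it around the comparison and raising the existing 'The CSRF tokens do not match.' error.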

