From 68907b0d62cfc851f5f1c088db182db6780ceab9 Mon Sep 17 00:00:00 2001 From: John Hensley Date: Wed, 19 May 2021 13:23:35 -0400 Subject: [PATCH] Remove workaround for CSRF token set under Python 2 --- securedrop/journalist_app/__init__.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/securedrop/journalist_app/__init__.py b/securedrop/journalist_app/__init__.py index 8fa216d660..82aebc547f 100644 --- a/securedrop/journalist_app/__init__.py +++ b/securedrop/journalist_app/__init__.py @@ -9,7 +9,6 @@ from flask_babel import gettext from flask_wtf.csrf import CSRFProtect, CSRFError from os import path -import sys from werkzeug.exceptions import default_exceptions import i18n @@ -150,17 +149,6 @@ def setup_g() -> 'Optional[Response]': 'SESSION_EXPIRATION_MINUTES', 120)) - # Work around https://github.com/lepture/flask-wtf/issues/275 - # -- after upgrading from Python 2 to Python 3, any existing - # session's csrf_token value will be retrieved as bytes, - # causing a TypeError. This simple fix, deleting the existing - # token, was suggested in the issue comments. This code will - # be safe to remove after Python 2 reaches EOL in 2020, and no - # supported SecureDrop installations can still have this - # problem. - if sys.version_info.major > 2 and type(session.get('csrf_token')) is bytes: - del session['csrf_token'] - uid = session.get('uid', None) if uid: g.user = Journalist.query.get(uid)