aiohttp-csrf AJAX (XMLHTTPRequest) calls #2

@wagnerc4

A new token is generated on every call. The problem is that with AJAX calls the token on the client is not updated.

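```python
import aiohttp_csrf
from aiohttp import web
from aiohttp_session import get_session


async def jinja_ctx_processor(rq: web.Request):
    csrf_token = ''
    session = await get_session(rq)
    if 'X-Requested-With' in rq.headers:
        # AJAX call: reuse the token already stored in the session
        # (AppConfig is the application's own config object)
        rq[aiohttp_csrf.storage.REQUEST_NEW_TOKEN_KEY] = session[AppConfig.CSRF_COOKIE_NAME]
    else:
        # Full page render: generate a fresh token
        csrf_token = await aiohttp_csrf.generate_token(rq)
    return {"csrf_token": csrf_token}
```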

With this code I prevent a new token from being generated on AJAX calls. :)
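The behaviour reported above, as an added standard-library model that is not part of the original post and not aiohttp-csrf's own code: it shows why a token rotated on every call rejects the second AJAX POST, and why reusing the session token on `X-Requested-With` requests does not. The names `SESSION_KEY`, `issue_token`, `check_token`, `handle_post` and `simulate` are hypothetical, and the model assumes every response, AJAX ones included, passes through the token-issuing step.

```python
import hmac
import secrets

SESSION_KEY = "csrf_token"  # hypothetical key, stands in for the storage's own


def issue_token(session: dict, headers: dict, rotate_on_ajax: bool) -> str:
    """Token handed to the response; mirrors the context processor's branch."""
    is_ajax = "X-Requested-With" in headers
    if is_ajax and not rotate_on_ajax and SESSION_KEY in session:
        return session[SESSION_KEY]               # reuse: client copy stays valid
    session[SESSION_KEY] = secrets.token_hex(32)  # rotate: client copy goes stale
    return session[SESSION_KEY]


def check_token(session: dict, submitted: str) -> bool:
    """Constant-time compare; a session with no stored token rejects everything."""
    expected = session.get(SESSION_KEY)
    return expected is not None and hmac.compare_digest(expected, submitted)


def handle_post(session: dict, headers: dict, submitted: str,
                rotate_on_ajax: bool) -> bool:
    """Validate the submitted token, then build the response (which may rotate)."""
    ok = check_token(session, submitted)
    issue_token(session, headers, rotate_on_ajax)
    return ok


def simulate(rotate_on_ajax: bool) -> list:
    """One page load, then two AJAX POSTs that both send the page's token."""
    session = {}  # constructed in-memory session
    page_token = issue_token(session, {}, rotate_on_ajax)  # full page render
    ajax = {"X-Requested-With": "XMLHttpRequest"}
    return [handle_post(session, ajax, page_token, rotate_on_ajax)
            for _ in range(2)]


if __name__ == "__main__":
    print("rotate on every call:", simulate(True))
    print("reuse on AJAX calls: ", simulate(False))
```

In both modes the submitted token is still validated; the header only decides whether the stored token is replaced afterwards.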
