fix(csrf): use CSRF token stored in Requests session (!28) · Merge requests · cubicweb / cwclientlib

Elouan Martinet requested to merge topic/default/fix-grab-csrf into branch/default Mar 22, 2022

When calling rqlio(), it doesn't try to grab the CSRF token (as it is not required). However, the request sent afterwards will store that token in Requests session. On future requests, the token will be sent as a cookie, since the Requests session contains it in its cookie jar. This means that when the function for grabbing the token will be triggered, the response of the request made to base_url will not contain the token.

This patch replaces the usage of an independantly stored token to use the Requests session's cookie jar.

fix(csrf): use CSRF token stored in Requests session

Merge request reports