From b9ced255579756590cd2f7126cab81c2d9494a3d Mon Sep 17 00:00:00 2001 From: Jesse Vickery Date: Fri, 25 Aug 2023 16:26:00 +0000 Subject: [PATCH 1/2] feat(views): allow flask response streams; - Allow response generators to return and not be edited to insert any token. --- ckanext/csrf_filter/plugin.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ckanext/csrf_filter/plugin.py b/ckanext/csrf_filter/plugin.py index cf555a2..44bcfc6 100644 --- a/ckanext/csrf_filter/plugin.py +++ b/ckanext/csrf_filter/plugin.py @@ -3,6 +3,7 @@ """ from logging import getLogger +from types import GeneratorType from ckan import plugins from ckan.plugins import implements, toolkit @@ -95,6 +96,10 @@ def check_csrf(): def set_csrf_token(response): """ Apply a CSRF token to all response bodies. """ + if hasattr(response, 'response') \ + and isinstance(response.response, GeneratorType): + return response + response.direct_passthrough = False anti_csrf.apply_token(response) return response From 0e1c4d500383bcc5e17b411d4429b40e48b10df8 Mon Sep 17 00:00:00 2001 From: Jesse Vickery <97247789+JVickery-TBS@users.noreply.github.com> Date: Fri, 25 Aug 2023 12:32:36 -0400 Subject: [PATCH 2/2] Update ckanext/csrf_filter/plugin.py Co-authored-by: Ian Ward --- ckanext/csrf_filter/plugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ckanext/csrf_filter/plugin.py b/ckanext/csrf_filter/plugin.py index 44bcfc6..9c3e7ce 100644 --- a/ckanext/csrf_filter/plugin.py +++ b/ckanext/csrf_filter/plugin.py @@ -97,7 +97,7 @@ def set_csrf_token(response): """ Apply a CSRF token to all response bodies. """ if hasattr(response, 'response') \ - and isinstance(response.response, GeneratorType): + and isinstance(response.response, GeneratorType): return response response.direct_passthrough = False