commit 21548e9f0f53100336ef4f22d423f5f728a117e5 Author: Simone Basso bassosimone@gmail.com Date: Mon Sep 19 11:04:53 2016 +0200

ui/web/server.py: pass binary, not unicode cookies

It seems that Twisted has added a function enforcing binary data (not unicode, or str) when sending to the network.

Thus, make sure that we pass cookies as binary (more specifically ascii encoded data) to avoid a Twisted error. --- ooni/ui/web/server.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ooni/ui/web/server.py b/ooni/ui/web/server.py index eec82d3..385bf18 100644 --- a/ooni/ui/web/server.py +++ b/ooni/ui/web/server.py @@ -56,13 +56,13 @@ def xsrf_protect(check=True): @wraps(f) def wrapper(instance, request, *a, **kw): should_check = check and instance._enable_xsrf_protection - token_cookie = request.getCookie(u'XSRF-TOKEN') + token_cookie = request.getCookie(b'XSRF-TOKEN') token_header = request.getHeader(b"X-XSRF-TOKEN") if (token_cookie != instance._xsrf_token and instance._enable_xsrf_protection): - request.addCookie(u'XSRF-TOKEN', + request.addCookie(b'XSRF-TOKEN', instance._xsrf_token, - path=u'/') + path=b'/') if should_check and token_cookie != token_header: raise WebUIError(404, "Invalid XSRF token") return f(instance, request, *a, **kw) @@ -161,7 +161,7 @@ class WebUIAPI(object): # We use a double submit token to protect against XSRF rng = SystemRandom() token_space = string.letters+string.digits - self._xsrf_token = ''.join([rng.choice(token_space) + self._xsrf_token = b''.join([rng.choice(token_space) for _ in range(30)])

self._director_started = False