From 8dd6890a7d0e98ec56ffe1476c9de19517094746 Mon Sep 17 00:00:00 2001
From: Thomas Sileo
Date: Mon, 11 Jul 2022 09:42:39 +0200
Subject: [PATCH] More CSRF tweaks

---
 app/config.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/config.py b/app/config.py
index 3d95c8e..66f26f2 100644
--- a/app/config.py
+++ b/app/config.py
@@ -10,7 +10,6 @@ import tomli
 from fastapi import Form
 from fastapi import HTTPException
 from fastapi import Request
-from itsdangerous import TimedSerializer
 from itsdangerous import URLSafeTimedSerializer
 from loguru import logger
@@ -95,10 +94,13 @@ EMOJI_TPL = '{raw} str:
 def verify_csrf_token(csrf_token: str = Form()) -> None:
 try:
- csrf_serializer.loads(csrf_token, max_age=600)
+ csrf_serializer.loads(csrf_token, max_age=1800)
 except (itsdangerous.BadData, itsdangerous.SignatureExpired):
 logger.exception("Failed to verify CSRF token")
 raise HTTPException(status_code=403, detail="CSRF error")
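Review bot: The new token lifetime in `verify_csrf_token` is a bare literal, `max_age=1800`, with nothing recording why thirty minutes was chosen; a module-level constant such as `CSRF_TOKEN_MAX_AGE_SECONDS = 1800  # how long a rendered form may sit before it is submitted` would keep the value reviewable in one place. Raising it from 600 also triples the time a captured token stays acceptable, and the check visible here validates only the signature and the age, so it is worth confirming on the generation side (not visible in this hunk) that the token is tied to the session or user. The hunk text on this page is incomplete, since the `@@ -95,10 +94,13 @@` counts exceed the lines shown, so the remaining added lines could not be reviewed.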