summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
Diffstat (limited to 'django')
-rw-r--r--django/middleware/csrf.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index 4ac2f23019..368b51f316 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -280,7 +280,10 @@ class CsrfViewMiddleware(MiddlewareMixin):
reason = REASON_BAD_REFERER % referer.geturl()
return self._reject(request, reason)
- csrf_token = request.META.get('CSRF_COOKIE')
+ # Access csrf_token via self._get_token() as rotate_token() may
+ # have been called by an authentication middleware during the
+ # process_request() phase.
+ csrf_token = self._get_token(request)
if csrf_token is None:
# No CSRF cookie. For POST requests, we insist on a CSRF cookie,
# and in this way we can avoid all CSRF attacks, including login