Check for request.endpoint before use.

salsadigitalauorg · Mar 26, 2021 · 35f04d7 · 35f04d7
1 parent 215aa4b
commit 35f04d7
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/ckanext/fortify/anti_csrf.py b/ckanext/fortify/anti_csrf.py
@@ -132,7 +132,7 @@ def after_request_function(response):
         # config_option_update is trying to update token so we need to skip applying the token 
         # to this form
         # TODO: Fix me!
-        if request.endpoint in ('admin.config'):
+        if request.endpoint and request.endpoint in ('admin.config'):
             return response
         token = _get_response_token(request, resp)
         new_response = _apply_token(resp.get_data(as_text=True), token)
@@ -161,7 +161,7 @@ def is_secure():
 def is_safe():
     "Check if the request is 'safe', if the request is safe it will not be checked for csrf"
     # api requests are exempt from csrf checks
-    if request.path.startswith("/api") or request.endpoint in ('admin.config'):
+    if request.path.startswith("/api") or (request.endpoint and request.endpoint in ('admin.config')):
         return True
 
     # get/head/options/trace are exempt from csrf checks