From 35f04d7b5b0d9b3d710212a44a3822a1b648dacd Mon Sep 17 00:00:00 2001
From: Nathan Perry
Date: Fri, 26 Mar 2021 23:19:28 +1300
Subject: [PATCH] Check for request.endpoint before use.
---
 ckanext/fortify/anti_csrf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ckanext/fortify/anti_csrf.py b/ckanext/fortify/anti_csrf.py
index f02a6e4..347cd05 100644
--- a/ckanext/fortify/anti_csrf.py
+++ b/ckanext/fortify/anti_csrf.py
@@ -132,7 +132,7 @@ def after_request_function(response):
 # config_option_update is trying to update token so we need to skip applying the token
 # to this form
 # TODO: Fix me!
- if request.endpoint in ('admin.config'):
+ if request.endpoint and request.endpoint in ('admin.config'):
 return response
 token = _get_response_token(request, resp)
 new_response = _apply_token(resp.get_data(as_text=True), token)
@@ -161,7 +161,7 @@ def is_secure():
 def is_safe():
 "Check if the request is 'safe', if the request is safe it will not be checked for csrf"
 # api requests are exempt from csrf checks
- if request.path.startswith("/api") or request.endpoint in ('admin.config'):
+ if request.path.startswith("/api") or (request.endpoint and request.endpoint in ('admin.config')):
 return True
 # get/head/options/trace are exempt from csrf checks
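Review bot: `('admin.config')` on the changed line is a parenthesised string, not a one-element tuple, so `in` does a substring test and any non-empty endpoint name contained in 'admin.config' (such as `admin` or `config`, if such endpoints exist) also takes this early return. The added `request.endpoint and` guard stops a `None` endpoint from raising, presumably the error this commit targets, but leaves the match loose; an exact comparison states the intent and needs no guard: `if request.endpoint == 'admin.config':`. The same expression is in `is_safe()` in the second hunk, where a match exempts the request from CSRF checking, so it matters more there: `if request.path.startswith("/api") or request.endpoint == 'admin.config':`. `after_request_function` begins and ends outside this hunk.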
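Review bot: `is_safe()` returns True for the `admin.config` endpoint whatever the HTTP method, so by the docstring's own definition a POST to that endpoint is never checked for CSRF; the commit keeps this exemption and only guards it against a missing endpoint. If it exists only because token injection is skipped for that form (the `TODO: Fix me!` in `after_request_function`), say so on this line, e.g. `# admin.config is temporarily exempt from CSRF validation; see TODO in after_request_function`, and track its removal. Separately, `request.path.startswith("/api")` also matches paths such as `/apifoo`; `request.path == "/api" or request.path.startswith("/api/")` would keep the exemption to the API prefix. The body of `is_safe` continues past the end of this hunk.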