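def get_request_validity():
    """Return True when the current request passes the CSRF check.

    A request is accepted when either

    * its ``X-Hub-Signature`` header equals ``"sha1=" + HMAC-SHA1(secret, body)``
      for any entry of ``config.github_webhook_secrets``, or
    * its ``_csrf_token`` form field equals the non-empty ``_csrf_token``
      stored in the session.

    Both comparisons go through ``hmac.compare_digest`` rather than ``==``.
    An ordinary string comparison stops at the first differing character, so
    its running time can reveal how much of a guessed signature or token is
    correct.

    Returns:
        bool: True if one of the two checks succeeds, False otherwise.
    """

    def _as_bytes(value):
        # compare_digest rejects non-ASCII text, so compare encoded bytes.
        return value if isinstance(value, bytes) else value.encode("utf-8")

    def _constant_time_equal(expected, supplied):
        # A missing value (None) or a non-string value can never match.
        try:
            return hmac.compare_digest(_as_bytes(expected), _as_bytes(supplied))
        except (AttributeError, TypeError):
            return False

    # GitHub signature will suffice for CSRF check
    # NOTE(review): X-Hub-Signature carries the legacy HMAC-SHA1 value; GitHub
    # also sends X-Hub-Signature-256 and recommends verifying that one instead.
    github_signature = request.headers.get("X-Hub-Signature")
    if github_signature:
        # Sign the raw body bytes: re-serialising parsed data would not
        # reproduce what the sender signed.
        payload_bytes = request.get_data()
        # Several secrets may be configured; a match on any of them is enough.
        # NOTE(review): hmac.new needs a bytes key on Python 3 - confirm the
        # configured secrets are stored as bytes.
        for github_webhook_secret in config.github_webhook_secrets:
            digest = hmac.new(github_webhook_secret, payload_bytes, sha1).hexdigest()
            expected_signature = "sha1=%s" % digest
            if _constant_time_equal(expected_signature, github_signature):
                return True

    # Normal CSRF form tokens work too. This is also reached when a signature
    # header was present but matched none of the secrets.
    token = request.form.get("_csrf_token")
    expected_token = session.get("_csrf_token", None)
    # An absent or empty session token must never validate a request.
    if expected_token and _constant_time_equal(expected_token, token):
        return True
    return False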