# HG changeset patch
# User bsw
# Date 1575903297 -3600
# Node ID 3e9b0f1adec3ea3e542535a1be88e841e4ee55b2
# Parent 6b4deab5160ad1a08c6d32f649a16e3962b4ab33
Removed token based CSRF protection (WebMCP uses SameSite cookies now)
diff -r 6b4deab5160a -r 3e9b0f1adec3 app/main/_filter/20_session.lua
--- a/app/main/_filter/20_session.lua Mon Aug 26 15:55:48 2019 +0200
+++ b/app/main/_filter/20_session.lua Mon Dec 09 15:54:57 2019 +0100
@@ -11,8 +11,6 @@
 }
 end
-request.set_csrf_secret(app.session:additional_secret_for("csrf"))
-
 locale.set{ lang = app.session.lang or config.default_lang or "en" }
 if locale.get("lang") == "de" then
diff -r 6b4deab5160a -r 3e9b0f1adec3 model/session.lua
--- a/model/session.lua Mon Aug 26 15:55:48 2019 +0200
+++ b/model/session.lua Mon Dec 09 15:54:57 2019 +0100
@@ -20,7 +20,7 @@
 local secret_length = 24
 local secret_alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
-local secret_purposes = { "oauth", "csrf", "_other" }
+local secret_purposes = { "oauth", "_other" }
 for idx, purpose in ipairs(secret_purposes) do
 secret_purposes[purpose] = idx
 end
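Review bot: Dropping "csrf" from the middle of `secret_purposes` in model/session.lua renumbers `_other` from 3 to 2, because the loop right after it stores each purpose's list position as its index. How that index is consumed is outside this hunk; if additional_secret_for derives the per-purpose value from it or from the list length, secrets handed out for `_other` would change for sessions created before the deploy, so confirm that is acceptable and record it with a comment such as `-- positions are significant: removing an entry renumbers later purposes`. Any caller that still requests the "csrf" purpose should be checked as well, since the name no longer has its own slot. With the token check removed in 20_session.lua, CSRF defence rests on the session cookie carrying an explicit SameSite attribute; the set_cookie call is not visible in these hunks, so confirm it sets one and that no state-changing action is reachable by GET, which SameSite=Lax still sends on top-level navigation.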