middleware Don't pop the CSRF from the session

We may need the value for future submissions. Fixes issue pwyf#41
michaelwood · Oct 29, 2019 · f267e6b · f267e6b
1 parent 73988ea
commit f267e6b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/DataQualityTester/lib/middleware.py b/DataQualityTester/lib/middleware.py
@@ -9,7 +9,7 @@
 @app.before_request
 def csrf_protect():
     if request.method == 'POST':
-        token = session.pop('_csrf_token', None)
+        token = session.get('_csrf_token', None)
         if not token or token != request.form.get('_csrf_token'):
             abort(403)