Continued:

- better handling of CSRF meta tags

diff --git a/fba/http/csrf.py b/fba/http/csrf.py
index 684390501b5ccf51d2377df3e31e107d4ba3f033..bf2648e56fcadf08511b40ae02dd67f0d5bc9dba 100644 (file)
--- a/fba/http/csrf.py
+++ b/fba/http/csrf.py
@@ -79,9 +79,16 @@ def determine(domain: str, headers: dict) -> dict:
             logger.warning("domain='%s' has returned invalid HTML markup", domain)
 
         logger.debug("tag[%s]='%s'", type(tag), tag)
-        if tag is not None:
+        if tag is None:
+            logger.debug("domain='%s' does not have CSRF token", domain)
+        elif "content" in tag:
             logger.debug("Adding CSRF token='%s' for domain='%s'", tag["content"], domain)
             reqheaders["X-CSRF-Token"] = tag["content"]
+        elif "data-token" in tag:
+            logger.debug("Adding CSRF token='%s' for domain='%s'", tag["data-token"], domain)
+            reqheaders["X-CSRF-Token"] = tag["data-token"]
+        else:
+            logger.warning("domain='%s' has unknown CSRF token: tag()=%d", domain, len(tag))
     elif not validators.url(response_url):
         logger.warning("response_url='%s' is not valid - Raising exception ...", response_url)