From 3f30cc3c8808563018a5cfa0c7886477857f682a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Fri, 15 Nov 2024 01:15:25 +0100
Subject: [PATCH] Continued: - better handling of CSRF meta tags
---
 fba/http/csrf.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fba/http/csrf.py b/fba/http/csrf.py
index 6843905..bf2648e 100644
--- a/fba/http/csrf.py
+++ b/fba/http/csrf.py
@@ -79,9 +79,16 @@ def determine(domain: str, headers: dict) -> dict:
 logger.warning("domain='%s' has returned invalid HTML markup", domain)
 logger.debug("tag[%s]='%s'", type(tag), tag)
- if tag is not None:
+ if tag is None:
+ logger.debug("domain='%s' does not have CSRF token", domain)
+ elif "content" in tag:
 logger.debug("Adding CSRF token='%s' for domain='%s'", tag["content"], domain)
 reqheaders["X-CSRF-Token"] = tag["content"]
+ elif "data-token" in tag:
+ logger.debug("Adding CSRF token='%s' for domain='%s'", tag["data-token"], domain)
+ reqheaders["X-CSRF-Token"] = tag["data-token"]
+ else:
+ logger.warning("domain='%s' has unknown CSRF token: tag()=%d", domain, len(tag))
 elif not validators.url(response_url):
 logger.warning("response_url='%s' is not valid - Raising exception ...", response_url)
--
2.39.5
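Review bot: The new tests `"content" in tag` and `"data-token" in tag` may not look at attributes at all: if `tag` is a BeautifulSoup `Tag` (it is built outside this hunk, so confirm), `in` checks the tag's child nodes, and a `<meta>` element has none, so both branches would be skipped and `X-CSRF-Token` never set. Attribute presence is tested with `elif tag.has_attr("content"):` and `elif tag.has_attr("data-token"):`. The same caveat applies to `len(tag)` in the final warning, which would count children rather than attributes; logging `list(tag.attrs)` would show what the tag actually carries. Both debug lines also write the token value itself to the log, so consider logging only that a token was found for the domain. `determine()` begins and ends outside the hunk.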