From 9202e5a1e15183b134fa15c4e1290dea8ed2acbe Mon Sep 17 00:00:00 2001
From: Nathan Yergler
Date: Sat, 1 Oct 2011 14:24:49 -0700
Subject: [PATCH] #361: Removing additional secret key, per CW's request.
---
 mediagoblin/config_spec.ini | 1 -
 mediagoblin/middleware/csrf.py | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini
index 37fe7130..298a6951 100644
--- a/mediagoblin/config_spec.ini
+++ b/mediagoblin/config_spec.ini
@@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False)
 allow_attachments = boolean(default=False)
 # Cookie stuff
-secret_key = string(default="Something Super Duper Secrit!")
 csrf_cookie_name = string(default='mediagoblin_nonce')
 [storage:publicstore]
diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py
index d41bcd87..44b799d5 100644
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -106,7 +106,7 @@ class CsrfMiddleware(object):
 return hashlib.md5("%s%s" % (randrange(0, self.MAX_CSRF_KEY),
- mg_globals.app_config['secret_key'])).hexdigest()
+ randrange(0, self.MAX_CSRF_KEY))).hexdigest()
 def verify_tokens(self, request):
 """Verify that the CSRF Cookie exists and that it matches the
--
2.25.1
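Review bot: With `secret_key` removed, the token returned in the csrf.py hunk is the MD5 of two `randrange(0, self.MAX_CSRF_KEY)` values, so its unpredictability now rests entirely on that generator. The import is outside the hunk, but if this is `random.randrange` it is backed by the Mersenne Twister, which is not intended for security tokens, and hashing its output adds no entropy. Drawing the bytes from the operating system would keep the 32-character hex format: `return hashlib.md5(os.urandom(32)).hexdigest()` (needs `import os` at the top of the file). The enclosing method starts above the hunk, so its name and the value of `MAX_CSRF_KEY` are not visible here.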