From f0591844113d0ebd4847e30442b04ccee69f1f10 Mon Sep 17 00:00:00 2001
From: Stefan Tatschner <rumpelsepp@sevenbyte.org>
Date: Tue, 24 May 2016 10:16:01 +0200
Subject: [PATCH] Use CSFR Token in Syncthing module

Fixes #390
---
 i3pystatus/syncthing.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/i3pystatus/syncthing.py b/i3pystatus/syncthing.py
index 58a47c3..8891c9e 100644
--- a/i3pystatus/syncthing.py
+++ b/i3pystatus/syncthing.py
@@ -40,11 +40,16 @@ class Syncthing(IntervalModule):
     )
 
     def st_get(self, endpoint):
-        response = requests.get(
-            urljoin(self.url, endpoint),
-            verify=self.verify_ssl,
-        )
-        return json.loads(response.text)
+        # TODO: Maybe we can share a session across multiple GETs.
+        with requests.Session() as s:
+            r = s.get(self.url)
+            csrf_name, csfr_value = r.headers['Set-Cookie'].split('=')
+            s.headers.update({'X-' + csrf_name: csfr_value})
+            r = s.get(
+                urljoin(self.url, endpoint),
+                verify=self.verify_ssl,
+            )
+        return json.loads(r.text)
 
     def st_post(self, endpoint, data=None):
         headers = {'X-API-KEY': self.apikey}