more fixes

rishabhpoddar · rishabhpoddar · commit 08bc4c635fe7 · 2023-11-27T17:17:50.000+05:30
diff --git a/supertokens_python/recipe/session/session_functions.py b/supertokens_python/recipe/session/session_functions.py
@@ -110,6 +110,7 @@ async def create_new_session(
         access_token_payload = {}
     enable_anti_csrf = (
         disable_anti_csrf is False
+        # We dont need to check if anti csrf is a function here because checking for "VIA_TOKEN" is enough
         and recipe_implementation.config.anti_csrf_function_or_string == "VIA_TOKEN"
     )
     response = await recipe_implementation.querier.send_post_request(
@@ -243,7 +244,7 @@ async def get_session(
                         )
                         raise_try_refresh_token_exception("anti-csrf check failed")
 
-        elif config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER":
+        elif (isinstance(config.anti_csrf_function_or_string, str) and config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER"):
             # The function should never be called by this (we check this outside the function as well)
             # There we can add a bit more information to the error, so that's the primary check, this is just making sure.
             raise Exception(
@@ -341,8 +342,7 @@ async def refresh_session(
         data["antiCsrfToken"] = anti_csrf_token
 
     if (
-        recipe_implementation.config.anti_csrf_function_or_string
-        == "VIA_CUSTOM_HEADER"  # TODO: can be function
+        isinstance(recipe_implementation.config.anti_csrf_function_or_string, str) and recipe_implementation.config.anti_csrf_function_or_string == "VIA_CUSTOM_HEADER"
         and not disable_anti_csrf
     ):
         # The function should never be called by this (we check this outside the function as well)
