From 827cc592b48d2103af469647d597dae0137276b5 Mon Sep 17 00:00:00 2001
From: Lance Edgar
Date: Wed, 11 Oct 2017 15:57:34 -0700
Subject: [PATCH] Make CSRF protection optional (but on by default)
---
 tailbone/app.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tailbone/app.py b/tailbone/app.py
index 3604c52b..352b67f6 100644
--- a/tailbone/app.py
+++ b/tailbone/app.py
@@ -118,7 +118,7 @@ class Root(dict):
 self.request = request
-def make_pyramid_config(settings):
+def make_pyramid_config(settings, configure_csrf=True):
 """
 Make a Pyramid config object from the given settings.
 """
@@ -137,7 +137,8 @@ def make_pyramid_config(settings):
 config.set_authentication_policy(SessionAuthenticationPolicy())
 # always require CSRF token protection
- config.set_default_csrf_options(require_csrf=True, token='_csrf')
+ if configure_csrf:
+ config.set_default_csrf_options(require_csrf=True, token='_csrf')
 # Bring in some Pyramid goodies.
 config.include('tailbone.beaker')
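Review bot: The docstring of `make_pyramid_config` in the first hunk says nothing about the new `configure_csrf` parameter, so a caller cannot tell what passing `False` gives up. I would add a line such as `:param configure_csrf: If true (the default), set the default CSRF options (require_csrf=True, token='_csrf'); if false, none are set and the caller must configure CSRF itself.` The function body continues outside the hunk.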
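Review bot: The comment `# always require CSRF token protection` above the new `if configure_csrf:` in the second hunk is no longer true, and with `configure_csrf=False` the config is returned with no default CSRF options at all, which as far as I know means Pyramid checks a token only on views that opt in individually. Change the comment to `# require CSRF token protection unless the caller opts out`, and consider an `else:` branch that logs a warning so a deployment running without the default is visible in its logs. The flag is also accepted positionally, so `make_pyramid_config(settings, False)` turns protection off without naming it; callers should pass it by keyword. The function starts and ends outside the hunk.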