Make CSRF protection optional (but on by default)

Lance Edgar 2017-10-11 15:57:34 -07:00
parent 6281593084
commit 827cc592b4


@ -118,7 +118,7 @@ class Root(dict):
self.request = request self.request = request
def make_pyramid_config(settings): def make_pyramid_config(settings, configure_csrf=True):
""" """
Make a Pyramid config object from the given settings. Make a Pyramid config object from the given settings.
""" """
@ -137,6 +137,7 @@ def make_pyramid_config(settings):
config.set_authentication_policy(SessionAuthenticationPolicy()) config.set_authentication_policy(SessionAuthenticationPolicy())
# always require CSRF token protection # always require CSRF token protection
if configure_csrf:
config.set_default_csrf_options(require_csrf=True, token='_csrf') config.set_default_csrf_options(require_csrf=True, token='_csrf')
# Bring in some Pyramid goodies. # Bring in some Pyramid goodies.
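Review bot: The comment `# always require CSRF token protection` directly above the new `if configure_csrf:` guard is no longer accurate, because a caller passing `configure_csrf=False` gets a config on which `set_default_csrf_options` is never called. I would reword it to `# require CSRF token protection unless the caller opts out`. The docstring of `make_pyramid_config` should also gain a sentence saying that with `configure_csrf=False` the caller must set its own CSRF defaults, since otherwise views presumably get no CSRF check unless each one asks for it. The function body continues outside the visible hunks, so whether anything later relies on these defaults cannot be confirmed from here.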