Make CSRF protection optional (but on by default)
parent
6281593084
commit
827cc592b4
|
@ -118,7 +118,7 @@ class Root(dict):
|
||||||
self.request = request
|
self.request = request
|
||||||
|
|
||||||
|
|
||||||
def make_pyramid_config(settings):
|
def make_pyramid_config(settings, configure_csrf=True):
|
||||||
"""
|
"""
|
||||||
Make a Pyramid config object from the given settings.
|
Make a Pyramid config object from the given settings.
|
||||||
"""
|
"""
|
||||||
|
@ -137,6 +137,7 @@ def make_pyramid_config(settings):
|
||||||
config.set_authentication_policy(SessionAuthenticationPolicy())
|
config.set_authentication_policy(SessionAuthenticationPolicy())
|
||||||
|
|
||||||
# always require CSRF token protection
|
# always require CSRF token protection
|
||||||
|
if configure_csrf:
|
||||||
config.set_default_csrf_options(require_csrf=True, token='_csrf')
|
config.set_default_csrf_options(require_csrf=True, token='_csrf')
|
||||||
|
|
||||||
# Bring in some Pyramid goodies.
|
# Bring in some Pyramid goodies.
|
||||||
|
|
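Review bot: The comment `# always require CSRF token protection` kept above the new `if configure_csrf:` guard is no longer true, and the docstring of `make_pyramid_config` does not mention the new parameter. A caller has no indication that `configure_csrf=False` returns a config without the default `require_csrf=True` policy, which leaves state-changing views unchecked unless they opt in themselves. I would reword the comment to `# require CSRF tokens by default; callers passing configure_csrf=False must set their own CSRF options`, and add a docstring line such as `:param configure_csrf: if false, skip set_default_csrf_options(); the caller is then responsible for CSRF protection`. The rendering has lost indentation, so I am assuming the `set_default_csrf_options` call is nested under the `if`; the function body continues outside the hunk.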