rattail/tailbone
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Make CSRF protection optional (but on by default)

Browse source
This commit is contained in:
Lance Edgar 2017-10-11 15:57:34 -07:00
parent 6281593084
commit 827cc592b4
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
tailbone/app.py
View file

@ -118,7 +118,7 @@ class Root(dict):
self.request = request self.request = request
def make_pyramid_config(settings): def make_pyramid_config(settings, configure_csrf=True):
""" """
Make a Pyramid config object from the given settings. Make a Pyramid config object from the given settings.
""" """
@ -137,7 +137,8 @@ def make_pyramid_config(settings):
config.set_authentication_policy(SessionAuthenticationPolicy()) config.set_authentication_policy(SessionAuthenticationPolicy())
# always require CSRF token protection # always require CSRF token protection
config.set_default_csrf_options(require_csrf=True, token='_csrf') if configure_csrf:
config.set_default_csrf_options(require_csrf=True, token='_csrf')
# Bring in some Pyramid goodies. # Bring in some Pyramid goodies.
config.include('tailbone.beaker') config.include('tailbone.beaker')