Make CSRF protection optional (but on by default)

2017-10-11 15:57:34 -07:00 · 2017-10-11 15:57:34 -07:00 · 827cc592b4
parent 6281593084
commit 827cc592b4
1 changed files with 3 additions and 2 deletions
--- a/tailbone/app.py
+++ b/tailbone/app.py
@ -118,7 +118,7 @@ class Root(dict):
        self.request = request


-def make_pyramid_config(settings):
+def make_pyramid_config(settings, configure_csrf=True):
    """
    Make a Pyramid config object from the given settings.
    """
@ -137,6 +137,7 @@ def make_pyramid_config(settings):
    config.set_authentication_policy(SessionAuthenticationPolicy())

    # always require CSRF token protection
+    if configure_csrf:
        config.set_default_csrf_options(require_csrf=True, token='_csrf')

    # Bring in some Pyramid goodies.