RedHatTraining/pyramid.git

rewrite csrf checks to support a global setting to turn it on

Michael Merickel

2016-04-11 6b35eb6ca3b271e2943d37307c925c5733e082d9

refs
author	Michael Merickel <michael@merickel.org>
	Monday, April 11, 2016 03:50 +0200
committer	Michael Merickel <michael@merickel.org>
	Monday, April 11, 2016 05:12 +0200
commit	6b35eb6ca3b271e2943d37307c925c5733e082d9
tree	6e959fc6b963a07878409859d54494f8a1d2d017 tree \| zip \| gz
parent	9e9fa9ac40bdd79fbce69f94a13d705e40f3d458 view \| diff

rewrite csrf checks to support a global setting to turn it on

- only check csrf on POST
- support "pyramid.require_default_csrf" setting
- support "require_csrf=True" to fallback to the global setting to
  determine the token name

9 files modified

	docs/glossary.rst	8 ●●●●● diff \| view \| raw \| blame \| history
	docs/narr/hooks.rst	52 ●●●●● diff \| view \| raw \| blame \| history
	docs/narr/sessions.rst	42 ●●●●● diff \| view \| raw \| blame \| history
	pyramid/config/settings.py	7 ●●●●● diff \| view \| raw \| blame \| history
	pyramid/config/views.py	37 ●●●●● diff \| view \| raw \| blame \| history
	pyramid/settings.py	7 ●●●●● diff \| view \| raw \| blame \| history
	pyramid/tests/test_config/test_views.py	27 ●●●●● diff \| view \| raw \| blame \| history
	pyramid/tests/test_viewderivers.py	129 ●●●●● diff \| view \| raw \| blame \| history
	pyramid/viewderivers.py	34 ●●●●● diff \| view \| raw \| blame \| history