standardize "non-standard"
| | |
|---|
| | | that it matches one of the trusted origins. By default the only trusted origin |
|---|
| | | is the current host, however additional origins may be configured by setting |
|---|
| | | ``pyramid.csrf_trusted_origins`` to a list of domain names (and ports if they |
|---|
| | | are non standard). If a host in the list of domains starts with a ``.`` then |
|---|
| | | are non-standard). If a host in the list of domains starts with a ``.`` then |
|---|
| | | that will allow all subdomains as well as the domain without the ``.``. |
|---|
| | | |
|---|
| | | If CSRF checks fail then a :class:`pyramid.exceptions.BadCSRFToken` or |
|---|
| | |
|---|
| | | checks are successful this function will return ``True`` unconditionally. |
|---|
| | | |
|---|
| | | Additional trusted origins may be added by passing a list of domain (and |
|---|
| | | ports if nonstandard like ``['example.com', 'dev.example.com:8080']``) in |
|---|
| | | ports if non-standard like ``['example.com', 'dev.example.com:8080']``) in |
|---|
| | | with the ``trusted_origins`` parameter. If ``trusted_origins`` is ``None`` |
|---|
| | | (the default) this list of additional domains will be pulled from the |
|---|
| | | ``pyramid.csrf_trusted_origins`` setting. |
|---|
