standardize "non-standard"
| | |
| | | that it matches one of the trusted origins. By default the only trusted origin |
| | | is the current host, however additional origins may be configured by setting |
| | | ``pyramid.csrf_trusted_origins`` to a list of domain names (and ports if they |
| | | are non standard). If a host in the list of domains starts with a ``.`` then |
| | | are non-standard). If a host in the list of domains starts with a ``.`` then |
| | | that will allow all subdomains as well as the domain without the ``.``. |
| | | |
| | | If CSRF checks fail then a :class:`pyramid.exceptions.BadCSRFToken` or |
| | |
| | | checks are successful this function will return ``True`` unconditionally. |
| | | |
| | | Additional trusted origins may be added by passing a list of domain (and |
| | | ports if nonstandard like ``['example.com', 'dev.example.com:8080']``) in |
| | | ports if non-standard like ``['example.com', 'dev.example.com:8080']``) in |
| | | with the ``trusted_origins`` parameter. If ``trusted_origins`` is ``None`` |
| | | (the default) this list of additional domains will be pulled from the |
| | | ``pyramid.csrf_trusted_origins`` setting. |