pyramid/config/security.py | ●●●●● patch | view | raw | blame | history |
pyramid/config/security.py
@@ -200,7 +200,7 @@ are not subject to CSRF attacks. For example, if a request is authenticated using the ``Authorization`` header instead of a cookie, this may return ``False`` for that request so that clients do not need to send the ``X-CSRF-Token` header. The callback is only tested need to send the ``X-CSRF-Token`` header. The callback is only tested for non-safe methods as defined by ``safe_methods``. """