Phil
Reputation: 14671
How can I use CSRF protection with WTForms and Pyramid?
How can I use CSRF protection with WTForms and Pyramid?
In flask, there's a WTForms module which handles this.
What would be a way to have this with Pyramid as well without creating spaghetti code implemented in main logic and with all forms?
Upvotes: 2
Views: 781
Answers (1)
Miguel Grinberg
Reputation: 67507
CSRF protection in WTForms is handled by subclasses of class SecureForm. You should implement a subclass of SecureForm that uses Pyramid's facilities to store tokens in user session and to obtain tokens as they come with a request for verification.
A good implementation to follow is the one for Flask, in flask.ext.wtf.Form class. This is a small class that should port to Pyramid without much effort.
Upvotes: 2
Related Questions
- Is the CSRF token correctly implemented in Flask / WTF?
- How to use Flask-WTForms CSRF protection with AJAX?
- The CSRF token is missing - Flask WTForms Python
- How to fix "The CSRF token is missing" in Flask-WTForms
- CSRF Protection with Flask/WTForms and React
- How do you add csrf validation to pyramid?
- Using CSRF protection with WTForms-Alchemy
- CSRF with WTforms and webapp2
- CSRF protection in web2py
- Pyramid ignoring csrf validation for certain views