> --
> You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
> To post to this group, send email to pylons-...@googlegroups.com.
> To unsubscribe from this group, send email to pylons-discus...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
>
>
I do think checking the csrf token is some kind of validation, at
least for some of my apps there's parts of validating a form which
check the authorization of the request
Or you could shamelessly add it to your ``formid``, e.g.
Form(formid="deform-%s" % self.request.session.get_crsf_token())
> That takes care of creating the token. Now to checking.
If you're using ``pyramid_deform``, then you could subclass and add:
@reify
def crsf(self):
return self.request.session.get_csrf_token()
@reify
def form_class(self):
return functools.partial(
deform.form.Form,
formid="deform-%s" % self.crsf,
)
def __getattribute__(self, name):
value = object.__getattribute__(self, name)
if name.endswith('_success'):
def crsf_validator(data, crsf=self.crsf, post=self.request.POST):
formid = post.get('__formid__')
token = formid.split('-')[-1]
if token != crsf:
raise HTTPUnauthorized("CRSF validation error")
return value(data)
return crsf_validator
return value
\malthe