pyramid_csrf_multi_scheme v0.0.7 released; feedback welcome
10 views
Skip to first unread message
Jonathan Vanasco
Apr 17, 2019, 12:12:19 PM4/17/19
to pylons-discuss
I updated pyramid_csrf_multi_scheme to work with the 1.10 line of pyramid on github (https://github.com/jvanasco/pyramid_csrf_multi_scheme ) and pypi (pyramid_csrf_multi_scheme)
the package is designed for people who need to support csrf in a mixed scheme environment, and offers `DualCookieCSRFStoragePolicy` which reimplements Pyramid's `CookieCSRFStoragePolicy` with two slight differences:
* there are separate HTTP and HTTPS csrf cookies. expiring the HTTPS will expire the HTTP, otherwise the HTTP is only accessible on HTTP connections and HTTPS on HTTPS connections
* `cookie_profile` is replaced with `cookie_profile_secure` and `cookie_profile_http`
the package is designed for people who need to support csrf in a mixed scheme environment, and offers `DualCookieCSRFStoragePolicy` which reimplements Pyramid's `CookieCSRFStoragePolicy` with two slight differences:
* there are separate HTTP and HTTPS csrf cookies. expiring the HTTPS will expire the HTTP, otherwise the HTTP is only accessible on HTTP connections and HTTPS on HTTPS connections
* `cookie_profile` is replaced with `cookie_profile_secure` and `cookie_profile_http`
If you need csrf on a mixed scheme environment, you may find this package helpful.
Reply all
Reply to author
Forward
0 new messages