authorChris McDonough <chrism@plope.com>2012-10-05 14:23:19 -0400
committerChris McDonough <chrism@plope.com>2012-10-05 14:23:19 -0400
commit571f1b6836bec084feec70ccf1e0fb8ced0af317 (patch)
tree3fcba89e68d700fd061fcff5e1650742c33c41ac
parent768ae5b790a70c7d8806798a1a5096088540d558 (diff)
parentb402b9d7b4cbae595fcf872780a0364f204dd79c (diff)
Merge branch 'master' of github.com:Pylons/pyramid
-rw-r--r--pyramid/session.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index 3b2834693..a5e6a8d3a 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -83,8 +83,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):
def check_csrf_token(request, token='csrf_token', raises=True):
""" Check the CSRF token in the request's session against the value in
- ``request.params.get(token)``. If ``token`` is not supplied, the string
- value ``csrf_token`` will be used as the token value. If the value in
+ ``request.params.get(token)``. If a ``token`` keyword is not supplied
+ to this function, the string ``csrf_token`` will be used to look up
+ the token within ``request.params``. If the value in
``request.params.get(token)`` doesn't match the value supplied by
``request.session.get_csrf_token()``, and ``raises`` is ``True``, this
function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest`
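Review bot: The reworded docstring still does not say that `request.params` combines the query string with the request body, so the field named by `token` is accepted from a URL as well as from a POST field. A sentence such as `The token is looked up in both the query string and the request body; send it in the body so it is not recorded in server logs or Referer headers.` would make that explicit for callers. The body of check_csrf_token lies outside this hunk, so how the submitted value is compared with `request.session.get_csrf_token()` (for instance, whether in constant time) cannot be checked from here.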