| author | Chris McDonough <chrism@plope.com> | 2012-10-02 17:11:59 -0700 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2012-10-02 17:11:59 -0700 |
| commit | b402b9d7b4cbae595fcf872780a0364f204dd79c (patch) | |
| tree | 3fcba89e68d700fd061fcff5e1650742c33c41ac | |
| parent | 768ae5b790a70c7d8806798a1a5096088540d558 (diff) | |
| parent | ccf286e6641184adb6e4bf739c88c6b109466843 (diff) | |
Merge pull request #699 from davidjb/master
Clarify documentation for pyramid.session.check_csrf_token function
| -rw-r--r-- | pyramid/session.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index 3b2834693..a5e6a8d3a 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -83,8 +83,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):

 def check_csrf_token(request, token='csrf_token', raises=True):
 """ Check the CSRF token in the request's session against the value in
- ``request.params.get(token)``. If ``token`` is not supplied, the string
- value ``csrf_token`` will be used as the token value. If the value in
+ ``request.params.get(token)``. If a ``token`` keyword is not supplied
+ to this function, the string ``csrf_token`` will be used to look up
+ the token within ``request.params``. If the value in
 ``request.params.get(token)`` doesn't match the value supplied by
 ``request.session.get_csrf_token()``, and ``raises`` is ``True``, this
 function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest` |
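Review bot: The reworded docstring for `check_csrf_token` still does not tell the reader that `request.params` is the merged view of query-string and request-body values, so the token is accepted from the URL as well as from a form field. A token carried in a URL can end up in access logs, browser history and Referer headers, which is worth stating where the lookup is described. I would add a sentence after the new text, for example: `` Note that ``request.params`` includes query-string values; send the token in the request body so that it does not appear in URLs or logs. `` The docstring and the function body continue past the end of the hunk, so how the two values are compared cannot be checked from here.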
