| author | Luke Cyca <me@lukecyca.com> | 2013-06-02 19:05:36 -0700 |
|---|---|---|
| committer | Luke Cyca <me@lukecyca.com> | 2013-06-02 19:05:36 -0700 |
| commit | ea93cfd8295b215a19fcc0cd0f28ec9810616528 (patch) | |
| tree | eb7625c691cf885429f9c9600d3821282b29244d | |
| parent | 26b0d13f2973c46cac28c209f7c67b10bfc91b62 (diff) | |
Changed header name to X-CSRF-Token
| -rw-r--r-- | pyramid/session.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index 0433488d8..3708ef879 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -83,14 +83,14 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 def check_csrf_token(request, token='csrf_token',
- header='X-CSRFToken',
+ header='X-CSRF-Token',
 raises=True): """ Check the CSRF token in the request's session against the value in ``request.params.get(token)`` or ``request.headers.get(header)``. If a ``token`` keyword is not supplied to this function, the string ``csrf_token`` will be used to look up the token in ``request.params``. If a ``header`` keyword is not supplied to this function, the string
- ``X-CSRFToken`` will be used to look up the token in ``request.headers``.
+ ``X-CSRF-Token`` will be used to look up the token in ``request.headers``.
 If the value supplied by param or by header doesn't match the value supplied by ``request.session.get_csrf_token()``, and ``raises`` is |
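Review bot: The new default `header='X-CSRF-Token'` stops honouring the old `X-CSRFToken` header, and the docstring does not record that the default changed. Clients that still send the old header name and no `csrf_token` param would presumably start failing the check; that is a fail-closed breakage rather than a bypass, but the comparison code is outside this hunk, so this is inferred. I would add `.. versionchanged:: <VERSION>` to the docstring with a sentence naming the previous default, and note that callers who need the old behaviour can pass `header='X-CSRFToken'` explicitly. The body of check_csrf_token continues past the end of the hunk.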
