Create a new ICSRF implementation for getting CSRF tokens, split out from the session machinery.

Adds configuration of this to the csrf_options configurator commands. Make the default implementation a fallback to the old one. Documentation patches for new best practices given updates CSRF implementation.

3 files changed, 21 insertions, 4 deletions

diff --git a/docs/api/csrf.rst b/docs/api/csrf.rst
new file mode 100644
index 000000000..3125bdac9
--- /dev/null
+++ b/docs/api/csrf.rst
@@ -0,0 +1,18 @@
+.. _csrf_module:
+
+:mod:`pyramid.csrf`
+-------------------
+
+.. automodule:: pyramid.csrf
+
+  .. autofunction:: get_csrf_token
+
+  .. autofunction:: new_csrf_token
+
+  .. autoclass:: SessionCSRF
+     :members:
+
+  .. autofunction:: check_csrf_origin
+
+  .. autofunction:: check_csrf_token
+
diff --git a/docs/api/interfaces.rst b/docs/api/interfaces.rst
index a212ba7a9..2ca472616 100644
--- a/docs/api/interfaces.rst
+++ b/docs/api/interfaces.rst
@@ -44,6 +44,9 @@ Other Interfaces
   .. autointerface:: IRoutePregenerator
      :members:
 
+  .. autointerface:: ICSRF
+     :members:
+
   .. autointerface:: ISession
      :members:
 
diff --git a/docs/api/session.rst b/docs/api/session.rst
index 56c4f52d7..53bae7c52 100644
--- a/docs/api/session.rst
+++ b/docs/api/session.rst
@@ -9,10 +9,6 @@
 
   .. autofunction:: signed_deserialize
 
-  .. autofunction:: check_csrf_origin
-
-  .. autofunction:: check_csrf_token
-
   .. autofunction:: SignedCookieSessionFactory
 
   .. autofunction:: UnencryptedCookieSessionFactoryConfig