Merge pull request #2501 from dstufft/check-origin-csrf

In addition to CSRF token, verify the origin too
author: Michael Merickel <mmerickel@users.noreply.github.com> 2016-04-16 15:17:52 -0500
committer: Michael Merickel <mmerickel@users.noreply.github.com> 2016-04-16 15:17:52 -0500
commit: 4a4d4b90d108f545000666080b873363386d3ac9 (patch)
tree: 6185b4704a6de2261d5568773c260d50e209d0aa /docs/narr/viewconfig.rst
parent: 1799be9dd8666d10d6b4a04a9b75fc57f8626c6f (diff)
parent: 65dee6e4ca0c0c607e97db0c9e55768f10591a58 (diff)
download: pyramid-4a4d4b90d108f545000666080b873363386d3ac9.tar.gz
pyramid-4a4d4b90d108f545000666080b873363386d3ac9.tar.bz2
pyramid-4a4d4b90d108f545000666080b873363386d3ac9.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/narr/viewconfig.rst b/docs/narr/viewconfig.rst
index 3b8f0353a..cd5b8feb0 100644
--- a/docs/narr/viewconfig.rst
+++ b/docs/narr/viewconfig.rst
@@ -215,6 +215,9 @@ Non-Predicate Arguments
   If this option is set to ``False`` then CSRF checks will be disabled
   regardless of the ``pyramid.require_default_csrf`` setting.
 
+  In addition, if this option is set to ``True`` or a string then CSRF origin
+  checking will be enabled.
+
   See :ref:`auto_csrf_checking` for more information.
 
   .. versionadded:: 1.7
author	Michael Merickel <mmerickel@users.noreply.github.com>	2016-04-16 15:17:52 -0500
committer	Michael Merickel <mmerickel@users.noreply.github.com>	2016-04-16 15:17:52 -0500
commit	4a4d4b90d108f545000666080b873363386d3ac9 (patch)
tree	6185b4704a6de2261d5568773c260d50e209d0aa /docs/narr/viewconfig.rst
parent	1799be9dd8666d10d6b4a04a9b75fc57f8626c6f (diff)
parent	65dee6e4ca0c0c607e97db0c9e55768f10591a58 (diff)
download	pyramid-4a4d4b90d108f545000666080b873363386d3ac9.tar.gz pyramid-4a4d4b90d108f545000666080b873363386d3ac9.tar.bz2 pyramid-4a4d4b90d108f545000666080b873363386d3ac9.zip