| author | Theron Luhn <theron@luhn.com> | 2019-09-19 20:30:08 -0700 |
|---|---|---|
| committer | Theron Luhn <theron@luhn.com> | 2019-09-19 20:30:08 -0700 |
| commit | 9ffed1017d5e416813df73e4e76b6bfd1d2da2c8 (patch) | |
| tree | e9aa922336ec802771399204ff5cf8a61bcf8427 /src | |
| parent | 6dd21309e4d9b21162b8db3e015533be10db0601 (diff) | |
Document CSRF allow_no_origin option.
Diffstat (limited to 'src')
| -rw-r--r-- | src/pyramid/config/security.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/pyramid/config/security.py b/src/pyramid/config/security.py index 0d2bc8e99..02271e2ba 100644 --- a/src/pyramid/config/security.py +++ b/src/pyramid/config/security.py @@ -222,6 +222,9 @@ class SecurityConfiguratorMixin(object): never be automatically checked for CSRF tokens. Default: ``('GET', 'HEAD', 'OPTIONS', TRACE')``. + ``allow_no_origin`` is a boolean. If false, a request lacking both an + ``Origin`` and ``Referer`` header will fail the CSRF check.' + If ``callback`` is set, it must be a callable accepting ``(request)`` and returning ``True`` if the request should be checked for a valid CSRF token. This callback allows an application to support @@ -237,6 +240,9 @@ class SecurityConfiguratorMixin(object): .. versionchanged:: 1.8 Added the ``callback`` option. + .. versionchanged:: 2.0 + Added the ``allow_no_origin`` option. + """ options = DefaultCSRFOptions( require_csrf=require_csrf, |
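Review bot: The new `allow_no_origin` paragraph in the first hunk ends with a stray apostrophe (`will fail the CSRF check.'`) that will appear verbatim in the rendered API docs; the line should end `will fail the CSRF check.`. The paragraph also covers only the false case and names no default, unlike the `safe_methods` entry just above it. Because this flag decides whether a request carrying neither `Origin` nor `Referer` is rejected, the text should state the permissive case too, for example `If true, such a request is not rejected by the origin check and relies on the CSRF token alone.` (wording to be confirmed against the implementation), followed by a `Default:` sentence taken from the method signature. The signature and the start of the docstring lie outside this hunk, so the default value cannot be confirmed from here.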
