Diffstat (limited to 'docs/whatsnew-1.7.rst')
-rw-r--r-- docs/whatsnew-1.7.rst | 4
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/whatsnew-1.7.rst b/docs/whatsnew-1.7.rst
index 83ece690e..b85e65ec1 100644
--- a/docs/whatsnew-1.7.rst
+++ b/docs/whatsnew-1.7.rst
@@ -39,14 +39,14 @@ Feature Additions
to security checks. See https://github.com/Pylons/pyramid/pull/2021
- Added a new setting, ``pyramid.require_default_csrf`` which may be used
- to turn on CSRF checks globally for every POST request in the application.
+ to turn on CSRF checks globally for every request in the application.
This should be considered a good default for websites built on Pyramid.
It is possible to opt-out of CSRF checks on a per-view basis by setting
``require_csrf=False`` on those views.
See :ref:`auto_csrf_checking` and
https://github.com/Pylons/pyramid/pull/2413
-- Added a ``require_csrf`` view option which will enforce CSRF checks on POST
+- Added a ``require_csrf`` view option which will enforce CSRF checks on
requests. If the CSRF check fails a ``BadCSRFToken`` exception will be
raised and may be caught by exception views (the default response is a
``400 Bad Request``). This option should be used in place of the deprecated
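Review bot: The new wording in the ``pyramid.require_default_csrf`` bullet, "for every request in the application", no longer says which HTTP methods are checked, and the ``require_csrf`` bullet now reads only "enforce CSRF checks on requests". If the check really applies to all methods, state that explicitly, because a reader enabling the global setting needs to know that views without a token will get ``BadCSRFToken`` (400 by default) and must opt out with ``require_csrf=False``. If some methods are exempt, list the covered ones in both bullets instead of dropping "POST" without a replacement. Either way, make the two bullets use the same phrasing for the scope so they cannot be read as describing different behaviour.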