diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/pyramid/config/security.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/pyramid/config/security.py b/src/pyramid/config/security.py index 0d2bc8e99..02271e2ba 100644 --- a/src/pyramid/config/security.py +++ b/src/pyramid/config/security.py @@ -222,6 +222,9 @@ class SecurityConfiguratorMixin(object): never be automatically checked for CSRF tokens. Default: ``('GET', 'HEAD', 'OPTIONS', TRACE')``. + ``allow_no_origin`` is a boolean. If false, a request lacking both an + ``Origin`` and ``Referer`` header will fail the CSRF check.' + If ``callback`` is set, it must be a callable accepting ``(request)`` and returning ``True`` if the request should be checked for a valid CSRF token. This callback allows an application to support @@ -237,6 +240,9 @@ class SecurityConfiguratorMixin(object): .. versionchanged:: 1.8 Added the ``callback`` option. + .. versionchanged:: 2.0 + Added the ``allow_no_origin`` option. + """ options = DefaultCSRFOptions( require_csrf=require_csrf, |