TeamSmil3y / PigeonPost

Python web framework • apparently easy to use
https://docs.pigeon.teamsmiley.org
MIT License
1 stars 0 forks

:lock::sparkles: add protection against cross-site-request-forgery #59

Open lstuma opened 12 months ago

lstuma commented 12 months ago

Adding tokens to protect against CSRF should be considered a standard practice - yet as of right now - an easy implementation of this is still missing.

lstuma commented 12 months ago

We can integrate it with the templating, maybe like so:

```html
<form method='Post' action='/super/secure/endpoint/'>
    <input type='password' name='secret' />
    {{ csrf }}
</form>
```

And with other types of forms we could implement the protection like this:

```python
from pigeon.shortcuts import csrfprotect

@app.view('/super/secure/form/')
def secure_form(request):
    # csrfprotect() would render the hidden token input inline
    return f"<form method='Post' action='/super/secure/endpoint/'><input type='password' name='secret' />{csrfprotect()}</form>"
```

@raspitim what do you think? I'm not a complete fan of the name 'csrfprotect()' - do you have any recommendations?