Open lstuma opened 12 months ago
We can integrate it with the templating, maybe like so:
```html
<form method='Post' action='/super/secure/endpoint/'>
    <input type='password' name='secret'/>
    {{ csrf }}
</form>
```
And with other types of forms, we could implement the protection like this:
```python
from pigeon.shortcuts import csrfprotect


@app.view('/super/secure/form/')
def secure_form(request):
    # the value returned by csrfprotect() is embedded in the form markup
    return f"<form method='Post' action='/super/secure/endpoint/'><input type='password' name='secret'/>{csrfprotect()}</form>"
```
@raspitim what do you think - I'm not a complete fan of the name 'csrfprotect()' - do you have any recommendations?
Adding tokens to protect against CSRF should be considered a standard practice - yet as of right now - an easy implementation of this is still missing.
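A sketch of what a helper like the proposed `csrfprotect()` / `{{ csrf }}` could render and how the receiving endpoint could check it, added here as an example and not code from Pigeon or from this issue. The names `issue_token`, `verify_token`, `csrf_field`, `handle_post`, the `csrf_token` field name and the session id argument are all assumptions made for the illustration.

```python
import hashlib
import hmac
import html
import secrets

# Constructed key for this sketch; a real application loads a persistent secret from config.
SECRET_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    # Bind the token to one session so a token issued to an attacker's own session
    # is useless against a victim's session.
    msg = session_id.encode() + b"\x00" + nonce.encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Return '<nonce>.<mac>' for the given session (hypothetical token format)."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_token(session_id: str, token: str) -> bool:
    """Accept only a well-formed token that was issued for this session."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = _mac(session_id, nonce)
    # Compare as bytes in constant time; bytes also avoids a TypeError on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


def csrf_field(session_id: str) -> str:
    """Hidden input a template tag or shortcut could insert into a form."""
    token = html.escape(issue_token(session_id), quote=True)
    return f'<input type="hidden" name="csrf_token" value="{token}"/>'


def handle_post(session_id: str, form: dict) -> int:
    """Status a protected endpoint would return: 200 with a valid token, else 403."""
    return 200 if verify_token(session_id, form.get("csrf_token", "")) else 403
```
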