Open leplatrem opened 10 years ago
I don't have time to dive back into pyramid_persona, but this should be quite simple (something like request.response.headers['X-XSRF-TOKEN'] = request.session.get_csrf_token()
).
These API is getting a little crufty, and persona's API is evolving, so I'll clean it up when I have some time.
So that we can POST authentification without going through the HTML page.
In Javascript, this would allow to perform a
HEAD
request and obtain the token, before posting the assertion.