madjar / pyramid_persona

Pyramid plugin to use persona for authentication
https://pyramid_persona.readthedocs.org/en/latest/
ISC License

Provide CSRF token in response headers of login and logout #16

Open leplatrem opened 10 years ago

leplatrem commented 10 years ago

So that we can POST authentication without going through the HTML page.

In JavaScript, this would allow us to perform a HEAD request and obtain the token before posting the assertion.

madjar commented 10 years ago

I don't have time to dive back into pyramid_persona, but this should be quite simple (something like `request.response.headers['X-XSRF-TOKEN'] = request.session.get_csrf_token()`).

This API is getting a little crufty, and Persona's API is evolving, so I'll clean it up when I have some time.
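
The flow discussed in this thread (HEAD to obtain the token, then POST the assertion), sketched as client-side JavaScript. This is an added example, not code from pyramid_persona or from either commenter; the `/login` path, the `csrf_token` form field and a server that answers HEAD with the `X-XSRF-TOKEN` header are assumptions.

```javascript
// Added example. Names marked "assumed" do not come from pyramid_persona.
const TOKEN_HEADER = 'X-XSRF-TOKEN'; // header name suggested in the thread
const LOGIN_PATH = '/login';         // assumed login route

// Read the token from a fetch-style Response; fail closed if it is absent
// so the assertion is never posted without a token.
function extractToken(response) {
  if (!response.ok) {
    throw new Error(`token request failed: HTTP ${response.status}`);
  }
  const token = response.headers.get(TOKEN_HEADER);
  if (!token) {
    throw new Error(`response carries no ${TOKEN_HEADER} header`);
  }
  return token;
}

// Build the POST that carries the assertion together with the token.
// "csrf_token" is the assumed form field the server checks.
function buildLoginRequest(token, assertion) {
  return {
    method: 'POST',
    // Send the same session cookie the token was issued for, and never
    // send it to another origin.
    credentials: 'same-origin',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ assertion, csrf_token: token }).toString(),
  };
}

// HEAD for the token, then POST the assertion. fetchImpl is injectable so
// the sequence can be exercised without a running server.
async function loginWithAssertion(assertion, fetchImpl = fetch, path = LOGIN_PATH) {
  const head = await fetchImpl(path, { method: 'HEAD', credentials: 'same-origin' });
  const token = extractToken(head);
  const res = await fetchImpl(path, buildLoginRequest(token, assertion));
  if (!res.ok) {
    throw new Error(`login rejected: HTTP ${res.status}`);
  }
  return res;
}
```

Script on another origin can read a response header only when the server names it in `Access-Control-Expose-Headers`, so leaving the token header out of that list for untrusted origins keeps the token readable by same-origin pages only.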