maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
http://readthedocs.org/docs/flask-seasurf/

"Include" view decorator #3

Closed klinkin closed 12 years ago

klinkin commented 12 years ago

I added an include decorator and one parameter in the app config, 'SEASURF_INCLUDE_OR_EXEMPT_VIEWS'. I also added a new test for the new decorator and made some minor changes.

maxcountryman commented 12 years ago

Hi Mike,

Most of this looks good. But I'm a little unclear on the purpose of the "include view" decorator. By default, all views which are POSTed to are protected. The exempt decorator was meant to provide a way to manually override this functionality.

Maybe I'm missing something, but is an include decorator really necessary?

That said, the other changes look good.

klinkin commented 12 years ago

Hi Max!

Sorry for my delay in answering. I know that by default all forms are protected :) But sometimes we need to turn off CSRF protection for all forms, because all the forms are already protected by the built-in protection of WTF-Form. And to protect some forms that do not use WTF-Form, I want to use flask-seasurf.

The config parameter "SEASURF_INCLUDE_OR_EXEMPT_VIEWS" switches the mode of checking CSRF protection. See the code, please :)
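The two modes discussed in the comments above, sketched as an added example that is not part of the thread and not flask-seasurf's own code. The class, the mode values `'exempt'` and `'include'`, the safe-method set and the sample views are all assumptions made for illustration.

```python
# Added illustration: a stand-alone model of the two modes, not flask-seasurf code.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # assumption: never checked


class CsrfPolicy:
    """Hypothetical stand-in for the extension's view-selection logic."""

    def __init__(self, mode="exempt"):
        if mode not in ("exempt", "include"):  # assumed values of the switch
            raise ValueError("mode must be 'exempt' or 'include'")
        self.mode = mode
        self._exempt, self._include = set(), set()

    def exempt(self, view):
        """Decorator: skip the token check for this view (exempt mode)."""
        self._exempt.add(view.__name__)
        return view

    def include(self, view):
        """Decorator: require the token check for this view (include mode)."""
        self._include.add(view.__name__)
        return view

    def must_validate(self, view, method):
        if method.upper() in SAFE_METHODS:
            return False
        if self.mode == "exempt":      # default: protect unless opted out
            return view.__name__ not in self._exempt
        return view.__name__ in self._include  # include: protect only opt-ins

    def unprotected(self, views):
        """Audit helper: views whose POSTs would skip the token check."""
        return sorted(v.__name__ for v in views
                      if not self.must_validate(v, "POST"))


def build_views(mode):
    """Constructed sample app: one WTForms-style view, one raw form, one new view."""
    csrf = CsrfPolicy(mode)

    def wtf_login(): ...      # assumed to carry its own form-level CSRF token

    @csrf.include
    def raw_upload(): ...     # plain HTML form, needs the extension's check

    def new_settings(): ...   # added later, nobody remembered a decorator

    return csrf, [wtf_login, raw_upload, new_settings]
```

In this model the include mode leaves `new_settings` unchecked because nothing opted it in, so an audit like `unprotected()` is worth running whenever the opt-in mode is enabled.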

maxcountryman commented 12 years ago

Okay, thanks for clarifying. :) I'll look this over tonight after work.

klinkin commented 12 years ago

Hi Max,

What about my patch? :)

maxcountryman commented 12 years ago

Hi Mike,

Sorry I've been busy with work. I'll try to take a look at this tomorrow.

klinkin commented 12 years ago

Ok, thx.

maxcountryman commented 12 years ago

Hi again,

Sorry for the wait. It seems like your pull request can't be automatically merged. If you like, it would help if you rebased against the latest changes, and then I should be able to merge it.

Thanks!

klinkin commented 12 years ago

Hi Max,

I opened a new issue, and this one can be closed.