search

maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
http://readthedocs.org/docs/flask-seasurf/
Other
190 stars 49 forks source link

Document options loaded from app.config in init_app #48

Open nomorepanic opened 8 years ago

nomorepanic commented 8 years ago

The init_app function loads some options from app.config, I think this should be added to the docs, as it provides a mean of configuration.

self._csrf_name = app.config.get('CSRF_COOKIE_NAME', '_csrf_token')
self._csrf_header_name = app.config.get('CSRF_HEADER_NAME',
                                                'X-CSRFToken')
self._csrf_disable = app.config.get('CSRF_DISABLE',
                                            app.config.get('TESTING', False))
self._csrf_timeout = app.config.get('CSRF_COOKIE_TIMEOUT',
                                            timedelta(days=5))
self._csrf_secure = app.config.get('CSRF_COOKIE_SECURE', False)
self._csrf_httponly = app.config.get('CSRF_COOKIE_HTTPONLY', False)
self._type = app.config.get('SEASURF_INCLUDE_OR_EXEMPT_VIEWS',
                                    'exempt')

Especially CSRF_COOKIE_NAME which can be set to 'csrf_token' to get compatibility with Flask-Admin.

maxcountryman commented 8 years ago

I'm fine with adding more documentation.

killthekitten commented 3 years ago

Addressed in https://github.com/maxcountryman/flask-seasurf/pull/104, but maybe needs a release? The website wasn't updated @maxcountryman