Disable CSRF protection in all views by default

maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

http://readthedocs.org/docs/flask-seasurf/

Other

190 stars 49 forks source link

Closed Alexmod closed 8 years ago

Alexmod commented 8 years ago

Hi, How to disable CSRF protection in all views by default and then selectively protect only what I need?

maxcountryman commented 8 years ago

Set SEASURF_INCLUDE_OR_EXEMPT_VIEWS to "include" and then decorate the views you'd like to include for validation.

Alexmod commented 8 years ago

I added.

app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'include'
csrf = SeaSurf(app)

Everything works. Thank you!