Need to be able to disable CSRF check on some actions

Question

Need to be able to disable CSRF check on some actions

Closed this issue 13 years ago · 1 comments

As per this post, a method to disable CSRF verification for some URLs is needed.

http://groups.google.com/group/pylons-discuss/browse_thread/thread/3f57077448a42795

Answer 1 · 2011-10-17T16:01:44.000Z

While I'm not completely satisfied with the solution, some of the internals in Pyramid don't allow a decorator to influence a view prior to an event being called.

Right now, I've put a setting that allows you to put a colon separated list of route names that should not be subject to CSRF checking.

http://thesoftwarestudio.com/apex/options.html

apex.no_csrf =
OPTIONAL, a colon separated list of route names that should NOT be subject to CSRF tests.