Need to be able to disable CSRF check on some actions
Closed this issue · 1 comments
cd34 commented
As per this post, a method to disable CSRF verification for some URLs is needed.
http://groups.google.com/group/pylons-discuss/browse_thread/thread/3f57077448a42795
cd34 commented
While I'm not completely satisfied with the solution, some of the internals in Pyramid don't allow a decorator to influence a view prior to an event being called.
Right now, I've put a setting that allows you to put a colon separated list of route names that should not be subject to CSRF checking.
http://thesoftwarestudio.com/apex/options.html
apex.no_csrf =
OPTIONAL, a colon separated list of route names that should NOT be subject to CSRF tests.