Collection of utilities for TurboGears2
Project description
About tgext.utils
tgext.utils is a collection of utilities for the TurboGears2 web framework.
Installing
tgext.utils can be installed from pypi:
pip install tgext.utils
should just work for most of the users.
CSRF Protection
tgext.utils.csrf provides two decorators @csrf_token and @csrf_protect which generate a CSRF token for inclusion in a form and check that the token is valid.
The user must apply @csrf_token decorator to the action that exposes the form, and put an <input type="hidden"> into the form with a request.csrf_token as the value and _csrf_token as name:
@csrf_token
@expose()
def form(self):
return '''
<form method="POST" action="/post_form">
<input type="hidden" name="_csrf_token" value="%s">
</form>''' % request.csrf_token
The action that receives the form must have @csrf_protect decorator, no particular action or check is required on this action:
@csrf_protect
@expose()
def post_form(self, **kwargs):
return 'OK!'
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file tgext.utils-0.0.1.tar.gz
.
File metadata
- Download URL: tgext.utils-0.0.1.tar.gz
- Upload date:
- Size: 4.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0a6a3d9cdec7638d3559948692d7e7fd64baa1e2e153fa649e266231a78773b0 |
|
MD5 | 8e9a6ce748f3d0ba73d3b6d8602b571e |
|
BLAKE2b-256 | f21a8f31a1eef33bafff244648b9d0c6e3e4364a16a32c24bc75bc9edde8aa8e |