Source code for bag.web.pyramid.angular_csrf

"""Make Pyramid 1.7+ play ball with AngularJS to achieve CSRF protection.

To use this module, include it in your application configuration::

    # Integrate with Angular for CSRF protection:

For any GET requests, this causes the response to have a
cookie containing the CSRF token, just as Angular 1.x wants it.

In subsequent AJAX requests (with verbs different than GET),
Angular will send the token back in a header 'X-XSRF-Token'.

Pyramid will validate the CSRF token before calling your view handler.

Relevant angular documentation is at$http

Relevant Pyramid documentation is at

from import NewResponse

HEADER_NAME = "X-XSRF-Token"  # different from Pyramid's default 'X-CSRF-Token'

[docs]def includeme(config): """Set up the angular_csrf protection scheme for a Pyramid application.""" config.add_subscriber(on_GET_request_setup_csrf_cookie, NewResponse) config.set_default_csrf_options(require_csrf=True, header=HEADER_NAME)