bag.web.pyramid.angular_csrf module

Make Pyramid 1.7+ play ball with AngularJS to achieve CSRF protection.

To use this module, include it in your application configuration:

# Integrate with Angular for CSRF protection:

For any GET requests, this causes the response to have a cookie containing the CSRF token, just as Angular 1.x wants it.

In subsequent AJAX requests (with verbs different than GET), Angular will send the token back in a header ‘X-XSRF-Token’.

Pyramid will validate the CSRF token before calling your view handler.

Relevant angular documentation is at$http

Relevant Pyramid documentation is at


Set up the angular_csrf protection scheme for a Pyramid application.

Set the XSRF-TOKEN cookie if necessary, on a GET request.

If this is the first GET request, we set the CSRF token in a JavaScript readable session cookie called XSRF-TOKEN. Angular will pick it up for subsequent AJAX requests.