I'm using: from pylons.decorators.secure import authenticate_form And the decorator: @authenticate_form
I started off decorating both the action the renders the form (edit), and the action that handles the form (update). But that prevented the form from even loading (403 on account of CSF), so I moved the decorator exclusively to the handler action. Seems to work, but I have a question: I don't understanding how merely importing authenticate_form and decorating my update action magically creates an "_authentication_token" hidden field on the form rendered by the non-decorated edit action. Can someone explain? Second question: While the authenticity token works, my functional tests now fail. Can someone give an example of how to functionally test a form that uses authenticity tokens? Thanks. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
