I was thinking of editing the deform.form class and adding the request as a keyword param. The request would then be used to create a token attribute in the __init__ method with the rest of the attributes. Then I would create a custom form template and add a hidden field with the csrf token.
That takes care of creating the token. Now to checking. I am thinking this is not a case of validation, but rather a case of authorization. The options might be subscribing to a NewRequest event as in this example: http://stackoverflow.com/questions/6434550/how-do-you-add-csrf-validation-to-pyramid or possibly using a custom predicate in the view_config. Using an event listener might be overkill because it will get called on GET requests; however, adding the custom predicate to every view_config will get repetitive. So do you have any suggestions for an elegant way to handle this? Thank you.
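The check discussed in the message above, as an added framework-neutral example (not part of the original post, and not Pyramid's or deform's API): one function run on every request that skips safe methods and compares the hidden-field token with the session's token. `FakeRequest`, `check_csrf`, the `_csrf` session key and the `csrf_token` field name are hypothetical names chosen for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Methods that do not change state and therefore skip the token check.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


class CSRFError(Exception):
    """Raised when a state-changing request lacks a valid token."""


@dataclass
class FakeRequest:
    """Constructed stand-in for a framework request (hypothetical, not Pyramid's class)."""
    method: str
    session: dict = field(default_factory=dict)
    POST: dict = field(default_factory=dict)


def get_csrf_token(session):
    """Return the session's token, creating it on first use."""
    if "_csrf" not in session:
        session["_csrf"] = secrets.token_urlsafe(32)
    return session["_csrf"]


def hidden_field(session):
    """Markup a custom form template would emit for the hidden token field."""
    return '<input type="hidden" name="csrf_token" value="%s">' % get_csrf_token(session)


def check_csrf(request):
    """Run once per request (e.g. from a new-request hook); safe methods pass through."""
    if request.method.upper() in SAFE_METHODS:
        return
    expected = request.session.get("_csrf")
    supplied = request.POST.get("csrf_token", "")
    # Reject when the session never issued a token, or the values differ.
    # compare_digest avoids leaking the match position through timing.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise CSRFError("missing or invalid CSRF token")


if __name__ == "__main__":
    s = {}
    print(hidden_field(s))
    check_csrf(FakeRequest("GET", s))  # safe method: no token required
    check_csrf(FakeRequest("POST", s, {"csrf_token": s["_csrf"]}))  # valid token
```

Because the method test is the first thing the function does, running it on every request costs GET traffic only a set lookup, and no per-view declaration is needed.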
