On 16.04.2016 at 23:27, Michael Merickel wrote:
- You may also set "pyramid.require_default_csrf = yes" to globally enable CSRF on your entire application and turn it off on a per-view basis using "require_csrf=False" on individual views.
This requires enabling a session factory, though. I tried to avoid this where a server side session was not needed, e.g. in a single page app where the state apart from authentication is kept on the client.
Any recommendation for a simple session factory just to support CSRF protection? I'm asking because the default session is unencrypted and not recommended when security is important, and pyramid_redis/beaker don't look really actively maintained and add dependencies which need to be taken care of. What do people here use for server side sessions?
-- Christoph
