Hello List,

I'd like to report a problem I've just encountered, occurring between
Pyramid's CSRF protection and Deform.

Basically, I have a Pyramid 2.0 web app configured along the lines of
the "URL dispatch wiki tutorial"
(https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch/tutorials/wiki2/authentication.html),
with some Deform forms in it.

The Deform Demo
(https://deformdemo.pylonsproject.org/pyramid_csrf_demo/) shows how to
use a deferred value to create a hidden field "csrf_token" in the
generated forms.

But there's a problem: the token generated that way doesn't have the
same value as when I directly call get_csrf_token() in a template.

As I don't have the time/energy to fully investigate the problem right
now, I think I will just use a workaround: as I'm using Diazo as a
theming engine (awesome tech, btw), I think I will add a rule to
inject the token into every form. Should work.

Still, I wanted to take the time to report the problem, in case it
could be useful.

Laurent.
