It's difficult to say without your example. I've been using CSRF as shown in the Deform demo without any issues.
--steve

On 4/28/21 10:32 AM, Laurent Daverio wrote:
> Hello List,
>
> I'd like to report a problem I've just encountered, occurring between
> Pyramid's CSRF protection and Deform.
>
> Basically, I have a Pyramid 2.0 web app configured along the lines of
> the "URL dispatch wiki tutorial"
> (https://docs.pylonsproject.org/projects/pyramid/en/2.0-branch/tutorials/wiki2/authentication.html),
> with some Deform forms in it.
>
> The Deform Demo
> (https://deformdemo.pylonsproject.org/pyramid_csrf_demo/) shows how to
> use a deferred value to create a hidden field "csrf_token" in the
> generated forms.
>
> But there's a problem: the token generated that way doesn't have the
> same value as when I directly call get_csrf_token() in a template.
>
> As I don't have the time/energy to fully investigate the problem right
> now, I think I will just use a workaround: as I'm using Diazo as a
> theming engine (awesome tech, btw), I think I will add a rule to
> inject the token into every form. Should work.
>
> Still, I wanted to take the time to report the problem, in case it
> could be useful.
>
> Laurent.
