I need to extend some API routes on a project with nonces. The general design I would like to accomplish is this:
* Some routes will be a Provider - a nonce will be generated for the header * Some routes will be a Consumer - a valid nonce is required; they will generate a new nonce as well * Most routes will have nothing to do with any of this I am trying to figure out the best way to accomplish this. I was hoping to leverage the CSRF system, but I do not want to integrate "sessions" into this, and I need to keep the size of the nonce value quite small. Tweens would be easy to implement, but that would turn every route into a Provider; I don't want to do that. The best option I can think of right now is to just use python decorators to wrap select callables: @view_config(...) @nonced(policy=NoncePolicy.Provider) def a_view(request): pass Does anyone have better ideas? -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/pylons-discuss/954f6f3b-1f0c-4a62-a39f-5f31ba51f49bn%40googlegroups.com.
