I'd have to look up how I set up CSRF detection, but if I'm remembering correctly it was on just one page, either a publicly-accessible form to request an account, or on the login form (which is no longer used since we switched to OAuth2).
You may be able to do something in one of the view callbacks to override the default setting, such as an early view predicate. Or maybe in an event callback early in the request cycle.

On Thu, Oct 16, 2025 at 3:11 PM Eldav <[email protected]> wrote:
>
> Hello list,
>
> just one quick question for confirmation, as I think I know the answer: is it
> possible to disable CSRF protection for just one route?
>
> In my use case, I don't control the system which will call that route, it's a
> notification service posting workflow events. HTTP method has to be POST.
>
> If Pyramid can't do it, I'll set up a micro-service, probably with Litestar,
> writing to the same database as Pyramid.
>
> Thanks in advance,
>
> Laurent.

--
Mike Orr <[email protected]>
