Hey guys, I'm looking at porting a CSRF protecting identity provider over from TG1 to the brand new TG2 world but found that one of the things I use to do it is not present.
On startup, I presently set tg.ignore_parameters with the name of a CSRF token that I could potentially pass to any of my methods. The idea being that this parameter is similar to tg_random, tg_format, the tg_paginate_* params and other special parameters that the app author shouldn't have to worry about. However, that config option doesn't exist in TG2. Could that be added back into the TG2 branch? Opened a trac ticket with all the information I could find about this being aded to the 1.0.x branch: http://trac.turbogears.org/ticket/2219 -Toshio
signature.asc
Description: OpenPGP digital signature
