On Wed, Feb 18, 2009 at 7:41 PM, Toshio Kuratomi <[email protected]> wrote: > Hey guys, I'm looking at porting a CSRF protecting identity provider > over from TG1 to the brand new TG2 world but found that one of the > things I use to do it is not present. > > On startup, I presently set tg.ignore_parameters with the name of a CSRF > token that I could potentially pass to any of my methods. The idea > being that this parameter is similar to tg_random, tg_format, the > tg_paginate_* params and other special parameters that the app author > shouldn't have to worry about. However, that config option doesn't > exist in TG2. Could that be added back into the TG2 branch?
I think this should go into tg.configuration.py and the proper application code in config/app_cfg.py > > Opened a trac ticket with all the information I could find about this > being aded to the 1.0.x branch: > > http://trac.turbogears.org/ticket/2219 > +1, if you want to provide a patch for this it should be minimal, if not I'll to fix it next time I'm around the code. > -Toshio > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
