That's excellent news (and thanks for those links). If I'm defining the HTML of a form in a file in my views/ directory, how do I leverage this gatekeeper?
On 15 July 2011 15:49, Anthony <[email protected]> wrote:
> web2py already uses the second method mentioned, as long as you call
> form.accepts(request, session) in your form action (you have to pass session
> to form.accepts because it stores the formkey in the session). Note, this
> also protects against double form submission (the formkey is only good for
> one submission).
>
> Anthony
>
> On Friday, July 15, 2011 10:38:57 AM UTC-4, Carl wrote:
>>
>> Any views/insight for adding (or not adding) one of these approaches to
>> web2py for its FORMS?
>>
>> http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html
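An added illustration, not part of the thread and not web2py's own code: a simplified model of the session-stored, single-use form key described above. It shows why a hand-written HTML form must send the key back in a hidden field. The class `FormGuard`, the session layout and the field name `_formkey` are assumptions made for this sketch.

```python
import hmac
import secrets


class FormGuard:
    """Session-backed, single-use form keys (simplified model, not web2py source)."""

    def __init__(self, session):
        self.session = session  # dict-like, per-user, server-side session

    def issue(self, formname):
        """Called when the form is rendered; the view must emit the key as a hidden field."""
        key = secrets.token_urlsafe(32)
        self.session.setdefault("_formkeys", {})[formname] = key
        return key

    def accepts(self, post_vars, formname):
        """True only if the posted key matches the stored one; a matching key is then discarded."""
        keys = self.session.get("_formkeys", {})
        expected = keys.get(formname)
        supplied = post_vars.get("_formkey")
        if not isinstance(expected, str) or not isinstance(supplied, str):
            return False
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False
        del keys[formname]  # single use: a replayed POST no longer matches
        return True


def demo():
    session = {}  # constructed stand-in for one user's session
    guard = FormGuard(session)
    results = {}

    # Hand-written form that echoes the key back in a hidden field.
    post = {"email": "carl@example.test", "_formkey": guard.issue("profile")}
    results["legit"] = guard.accepts(post, "profile")
    # The same POST sent again (double submission): the key is already gone.
    results["replay"] = guard.accepts(post, "profile")

    # Hand-written form that left the hidden field out.
    guard.issue("profile")
    results["missing_field"] = guard.accepts({"email": "carl@example.test"}, "profile")

    # POST from another site: it cannot read the key bound to this session.
    results["forged"] = guard.accepts({"email": "x@example.test", "_formkey": "guess"}, "profile")
    return results


if __name__ == "__main__":
    print(demo())
```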

