And relatedly... I'm using the Web2py JSON API. Is my site protected "out of the box" or do I need to pass parameters in a particular manner?
On 15 July 2011 15:53, Carl Roach <[email protected]> wrote:
> that's excellent news (and thanks for those links).
>
> if I'm defining the HTML of a form in a file in my views/ directory
> how do I leverage this gatekeeper?
>
>
>
> On 15 July 2011 15:49, Anthony <[email protected]> wrote:
>> web2py already uses the second method mentioned, as long as you call
>> form.accepts(request, session) in your form action (you have to pass session
>> to form.accepts because it stores the formkey in the session). Note, this
>> also protects against double form submission (the formkey is only good for
>> one submission).
>>
>> Anthony
>> On Friday, July 15, 2011 10:38:57 AM UTC-4, Carl wrote:
>>>
>>> Any views/insight for adding (or not adding) one of these approaches to
>>> web2py for its FORMS ?
>>>
>>> http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html
>
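
The mechanism described in the quoted reply (a formkey kept in the session and good for one submission), sketched as an added example; it is not web2py's code or code from this thread. The function names, the `formkey` field name and the `formkey:<formname>` session slot are assumptions made for the sketch.

```python
import hmac
import secrets


def issue_formkey(session, formname):
    """Create a random key, store it server-side, return it for a hidden field."""
    key = secrets.token_urlsafe(32)
    session["formkey:" + formname] = key  # hypothetical slot name
    return key


def accept_form(session, formname, post_vars):
    """Accept only a post carrying the key held in the session, and only once."""
    slot = "formkey:" + formname
    expected = session.get(slot)
    submitted = post_vars.get("formkey")
    if not expected or not isinstance(submitted, str):
        return False
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    del session[slot]  # single use: a resubmission finds no key
    return True


def demo():
    session = {}  # constructed stand-in for the user's server-side session
    key = issue_formkey(session, "profile")
    results = {}
    # Cross-site post: the browser attaches the session cookie, but the
    # other site cannot read the hidden field, so the key is missing or wrong.
    results["no_key"] = accept_form(session, "profile", {"email": "a@example.test"})
    results["wrong_key"] = accept_form(
        session, "profile", {"email": "a@example.test", "formkey": "guess"})
    # Genuine post from the rendered form.
    genuine = {"email": "a@example.test", "formkey": key}
    results["genuine"] = accept_form(session, "profile", genuine)
    # Same post sent again (double click, replay).
    results["resubmitted"] = accept_form(session, "profile", genuine)
    return results


if __name__ == "__main__":
    print(demo())
```

In this sketch a rejected post leaves the stored key in place, so a failed cross-site attempt does not invalidate the form the user already has open.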

