Re: [webpy] Re: getting false-rejection of form-post for CSRF violation

Wed, 30 May 2012 18:45:37 -0700 

Ah..I didn't read your code thoroughly enough.

Alas, I have found the problem though:

t_globals['csrf_token'] = csrf_token is only run once (when you run
blog.py) while your csrf_protect decorator is run at every request.
This may not be the BEST solution, but changing the GET request in the
New class to reassign t_globals for each request made it work for me:

class New:
 # ...
    def GET(self):
        t_globals['csrf_token'] = csrf_token()
        form = self.form()
        return render.new(form)
#...

On Wed, May 30, 2012 at 8:25 PM, Bill Seitz <[email protected]> wrote:
> Is the cookbook wrong about the workaround? 
> http://webpy.org/cookbook/session_with_reloader
>
> Plus, making that change did no good.
>
> On May 30, 5:53 pm, Jason Macgowan <[email protected]> wrote:
>> Try setting web.config.debug = False and test again; it seems to cause
>> issues with sessions
>>
>>
>>
>>
>>
>>
>>
>> On Wed, May 30, 2012 at 2:57 PM, Bill Seitz <[email protected]> wrote:
>> > I'm trying to build up a newbie-learning app that includes lots of
>> > cookbook stuff. I'm starting from the old 'blog' app.
>> >https://groups.google.com/group/webpy/browse_thread/thread/7ea1c52bc1...
>>
>> > I've put the app in GitHub.https://github.com/BillSeitz/webpy-blog-plus
>>
>> > I've recently added support for CSRF. But I'm getting false-positives
>> > (rejection). Can anyone figure out why?
>>
>> > My notes since starting this app are at:
>> >http://webseitz.fluxent.com/wiki/ExtendingWebpyBlogAppWithCookbookFea...
>>
>> > --
>> > You received this message because you are subscribed to the Google Groups 
>> > "web.py" group.
>> > To post to this group, send email to [email protected].
>> > To unsubscribe from this group, send email to 
>> > [email protected].
>> > For more options, visit this group 
>> > athttp://groups.google.com/group/webpy?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "web.py" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/webpy?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"web.py" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/webpy?hl=en.

Reply via email to