Yes, of course! Hmm, under a scenario where someone's opening multiple forms at the same time (e.g. opening edit forms for multiple blog posts and moving text around before saving any), you'd actually want instance-specific tokens, right? (I'm not going to worry about that case for now, but I could see it being an issue, right?)
On May 30, 8:45 pm, Jason Macgowan <[email protected]> wrote:
> Ah..I didn't read your code thoroughly enough.
>
> Alas, I have found the problem though:
>
> t_globals['csrf_token'] = csrf_token is only run once (when you run
> blog.py) while your csrf_protect decorator is run at every request.
> This may not be the BEST solution, but changing the GET request in the
> New class to reassign t_globals for each request made it work for me:
>
> class New:
>     # ...
>     def GET(self):
>         t_globals['csrf_token'] = csrf_token()
>         form = self.form()
>         return render.new(form)
>     #...
>
> On Wed, May 30, 2012 at 8:25 PM, Bill Seitz <[email protected]> wrote:
> > Is the cookbook wrong about the
> > workaround? http://webpy.org/cookbook/session_with_reloader
> >
> > Plus, making that change did no good.
> >
> > On May 30, 5:53 pm, Jason Macgowan <[email protected]> wrote:
> >> Try setting web.config.debug = False and test again; it seems to cause
> >> issues with sessions
> >>
> >> On Wed, May 30, 2012 at 2:57 PM, Bill Seitz <[email protected]> wrote:
> >> > I'm trying to build up a newbie-learning app that includes lots of
> >> > cookbook stuff. I'm starting from the old 'blog' app.
> >> > https://groups.google.com/group/webpy/browse_thread/thread/7ea1c52bc1...
> >> >
> >> > I've put the app in GitHub. https://github.com/BillSeitz/webpy-blog-plus
> >> >
> >> > I've recently added support for CSRF. But I'm getting false-positives
> >> > (rejection). Can anyone figure out why?
> >> >
> >> > My notes since starting this app are at:
> >> > http://webseitz.fluxent.com/wiki/ExtendingWebpyBlogAppWithCookbookFea...
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups "web.py" group.
> >> > To post to this group, send email to [email protected].
> >> > To unsubscribe from this group, send email to
> >> > [email protected].
> >> > For more options, visit this group
> >> > at http://groups.google.com/group/webpy?hl=en.
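An added example, not code from the thread or from web.py: it models the behaviour discussed above, where a token copied into template globals once at startup goes stale after the first one-time check, and extends it to the per-form tokens asked about in the first message. The dict-based session and `t_globals` stand-ins, and the names `check_single`, `form_cycles`, `issue_form_token` and `check_form_token`, are assumptions made for the illustration.

```python
import hmac
import secrets

# Constructed stand-ins (assumptions): plain dicts play the per-user session
# and the template globals (t_globals in the thread). No web.py is involved.
def csrf_token(session):
    """Return the pending session token, minting one if none is pending."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]

def check_single(session, submitted):
    """One-time check: every POST consumes the pending token."""
    expected = session.pop("csrf_token", None)
    return expected is not None and hmac.compare_digest(expected, submitted)

def form_cycles(refresh_each_get, cycles=2):
    """Run GET-then-POST cycles; return whether each POST was accepted."""
    session = {}
    t_globals = {"csrf_token": csrf_token(session)}  # assigned once at startup
    accepted = []
    for _ in range(cycles):
        if refresh_each_get:  # the fix from the thread: reassign in every GET
            t_globals["csrf_token"] = csrf_token(session)
        # The rendered form embeds whatever the global holds; POST echoes it.
        accepted.append(check_single(session, t_globals["csrf_token"]))
    return accepted

def issue_form_token(session, form_id):
    """Per-form variant: one pending token for each open form instance."""
    token = secrets.token_hex(16)
    session.setdefault("csrf_tokens", {})[form_id] = token
    return token

def check_form_token(session, form_id, submitted):
    """Consume only the token issued for this form; others stay pending."""
    expected = session.get("csrf_tokens", {}).pop(form_id, None)
    return expected is not None and hmac.compare_digest(expected, submitted)

if __name__ == "__main__":
    print("assigned once at startup:", form_cycles(False))
    print("reassigned on every GET: ", form_cycles(True))
```

With a single session token, two forms opened before either is saved share one token, so the second save is rejected; the per-form helpers keep each open form's token pending until that form is submitted.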
