Implement CSRF #57
Comments
|
Just as a side note we probably want to figure out how to handle Django csrf since it's by default enabled. I had to disable it in the Django example to make it work. Although perhaps it would be good to split that task off into another issue. |
|
This has been pushed back since it requires a server-side persistense layer, or session connectivity. A cross-framework compatibility layer will need to be written to facilitate this, so it will likely come with the release of 0.3. |
|
To be honest. I think this should NOT be yota's responsibility. |
|
Agreed. What Isaac and I have discussed is a separate library (currently calling it pysistor) to handle framework agnostic persistence. Persistence is actually extremely useful to a form library, notably for things like csrf and captchas. Getting that allows for setting up captchas very rapidly, something which currently is a pretty big pain for most form libraries. Pysistor itself is designed to be framework and backend agnostic, and is basically done, mostly just ironing out implementation details. Isaac can tell you more about it if you want, I don't think its on github yet. |
|
It actually is on github, it's just really green. I have a big update that I'll push in a few mins, gotta fix the broken tests first. https://github.com/icook/pysistor And yeah if I wasn't already making this for captchas I agree it would be of questionable time/value tradeoff. |
|
Sounds great. I'll check it out :) James Mills / prologic E: [email protected] On Sat, Sep 7, 2013 at 5:19 AM, Isaac Cook [email protected] wrote:
|
No description provided.
The text was updated successfully, but these errors were encountered: