gregorynicholas / flask-xsrf Public

Notifications You must be signed in to change notification settings
Fork 6
Star 16

flask extension for defending against cross-site request forgery attacks (XSRF/CSRF)

gregorynicholas.github.io/flask-xsrf

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.gitignore		.gitignore
.travis.yml		.travis.yml
LICENSE		LICENSE
README.md		README.md
flask_xsrf.py		flask_xsrf.py
flask_xsrf_tests.py		flask_xsrf_tests.py
pypi.sh		pypi.sh
requirements.txt		requirements.txt
setup.py		setup.py

Repository files navigation

flask_xsrf

A Flask extension for defending against cross-site request forgery attacks (XSRF/CSRF).

install with pip

pip install flask-xsrf

usage

from flask import Flask, Response, session
app = Flask(__name__)
app.debug = True
app.secret_key = 'session_secret_key'
app.config['session_cookie_secure'] = True
app.config['remember_cookie_name'] = 'testdomain.com'
app.config['remember_cookie_duration_in_days'] = 1

@app.before_request
def before_request():
  if 'user_id' not in session:
    session['user_id'] = 'random_generated_anonymous_id'

def get_user_id():
  return session.get('user_id')

xsrfh = xsrf.XSRFTokenHandler(
  user_func=get_user_id, secret='xsrf_secret', timeout=3600)

@app.route('/test', methods=['GET'])
@xsrfh.send_token()
def test_get():
  return Response('success')

@app.route('/test', methods=['POST'])
@xsrfh.handle_token()
def test_post():
  return Response('success')