quart-csrf/README.md

Quart-Csrf
==========

Quart-Csrf is an extension for [Quart](https://gitlab.com/pgjones/quart) to provide CSRF protection.
The code is taked from [Flask-WTF](https://github.com/lepture/flask-wtf)

Usage
-----

To enable CSRF protection globally for a Quart app, you have to create an CSRFProtect and
initialise it with the application,
```python
    from quart_csrf import CSRFProtect

    app = Quart(__name__)
    CSRFProtect(app)
```

or via the factory pattern,
```python
    csrf = CSRFProtect()

    def create_app():
        app = Quart(__name__)
        csrf.init_app(app)
        return app
```

Note: CSRF protection requires a secret key to securely sign the token. By default this will
use the QUART app's SECRET_KEY. If you'd like to use a separate token you can set QUART_CSRF_SECRET_KEY.

HTML Forms: render a hidden input with the token in the form.
```html
    <form method="post">
        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
    </form>
```

JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token.
```javascript
    <meta name="csrf-token" content="{{ csrf_token() }}">

    <script>
        var csrf_token = $('meta[name=csrf-token]').attr('content');  // "{{ csrf_token() }}";

        $.ajaxSetup({
            beforeSend: function(xhr, settings) {
                if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
                    xhr.setRequestHeader("X-CSRFToken", csrf_token);
                }
            }
        });
    </script>
```

Contributing
------------

Quart-Csrf is developed on [GitLab](https://gitlab.com/wcorrales/quart-csrf). You are very welcome to
open [issues](https://gitlab.com/wcorrales/quart-csrf/issues) or
propose [merge requests](https://gitlab.com/wcorrales/quart-csrf/merge_requests).

Help
----

This README is the best place to start, after that try opening an
[issue](https://gitlab.com/wcorrales/quart-csrf/issues).
Upload New File 2020-11-10 02:39:09 +00:00			`Quart-Csrf`
			`==========`

			`Quart-Csrf is an extension for [Quart](https://gitlab.com/pgjones/quart) to provide CSRF protection.`
			`The code is taked from [Flask-WTF](https://github.com/lepture/flask-wtf)`

			`Usage`
			`-----`

			`To enable CSRF protection globally for a Quart app, you have to create an CSRFProtect and`
			`initialise it with the application,`
			```python
			`from quart_csrf import CSRFProtect`

			`app = Quart(__name__)`
			`CSRFProtect(app)`
			```

			`or via the factory pattern,`
			```python
			`csrf = CSRFProtect()`

			`def create_app():`
			`app = Quart(__name__)`
			`csrf.init_app(app)`
			`return app`
			```

			`Note: CSRF protection requires a secret key to securely sign the token. By default this will`
			`use the QUART app's SECRET_KEY. If you'd like to use a separate token you can set QUART_CSRF_SECRET_KEY.`

			`HTML Forms: render a hidden input with the token in the form.`
			```html
			`<form method="post">`
			`<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>`
			`</form>`
			```

			`JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token.`
			```javascript
			`<meta name="csrf-token" content="{{ csrf_token() }}">`

			`<script>`
			`var csrf_token = $('meta[name=csrf-token]').attr('content'); // "{{ csrf_token() }}";`

			`$.ajaxSetup({`
			`beforeSend: function(xhr, settings) {`
			`if (!/^(GET\|HEAD\|OPTIONS\|TRACE)$/i.test(settings.type) && !this.crossDomain) {`
			`xhr.setRequestHeader("X-CSRFToken", csrf_token);`
			`}`
			`}`
			`});`
			`</script>`
			```

			`Contributing`
			`------------`

			`Quart-Csrf is developed on [GitLab](https://gitlab.com/wcorrales/quart-csrf). You are very welcome to`
			`open [issues](https://gitlab.com/wcorrales/quart-csrf/issues) or`
			`propose [merge requests](https://gitlab.com/wcorrales/quart-csrf/merge_requests).`

			`Help`
			`----`

			`This README is the best place to start, after that try opening an`
			`[issue](https://gitlab.com/wcorrales/quart-csrf/issues).`