Forks/quart-csrf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace README.md

Browse Source
This commit is contained in:
Wagner Corrales 2020-11-10 02:41:04 +00:00
parent d1de4f537b
commit 00000be5fb
1 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
README.md
View File

@ -10,20 +10,20 @@ Usage
To enable CSRF protection globally for a Quart app, you have to create an CSRFProtect and To enable CSRF protection globally for a Quart app, you have to create an CSRFProtect and
initialise it with the application, initialise it with the application,
```python ```python
from quart_csrf import CSRFProtect from quart_csrf import CSRFProtect
app = Quart(__name__) app = Quart(__name__)
CSRFProtect(app) CSRFProtect(app)
``` ```
or via the factory pattern, or via the factory pattern,
```python ```python
csrf = CSRFProtect() csrf = CSRFProtect()
def create_app(): def create_app():
app = Quart(__name__) app = Quart(__name__)
csrf.init_app(app) csrf.init_app(app)
return app return app
``` ```
Note: CSRF protection requires a secret key to securely sign the token. By default this will Note: CSRF protection requires a secret key to securely sign the token. By default this will
@ -31,26 +31,26 @@ use the QUART app's SECRET_KEY. If you'd like to use a separate token you can se
HTML Forms: render a hidden input with the token in the form. HTML Forms: render a hidden input with the token in the form.
```html ```html
<form method="post"> <form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/> <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form> </form>
``` ```
JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token. JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token.
```javascript ```html
<meta name="csrf-token" content="{{ csrf_token() }}"> <meta name="csrf-token" content="{{ csrf_token() }}">
<script> <script>
var csrf_token = $('meta[name=csrf-token]').attr('content'); // "{{ csrf_token() }}"; var csrf_token = $('meta[name=csrf-token]').attr('content'); // "{{ csrf_token() }}";
$.ajaxSetup({ $.ajaxSetup({
beforeSend: function(xhr, settings) { beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) { if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrf_token); xhr.setRequestHeader("X-CSRFToken", csrf_token);
}
} }
}); }
</script> });
</script>
``` ```
Contributing Contributing