Delete README.md
This commit is contained in:
Wagner Corrales
parent
c9d00596df
commit
928d30769e
75
README.md
75
README.md
@ -1,75 +0,0 @@
|
|||||||
Quart-Csrf
|
|
||||||
==========
|
|
||||||
|
|
||||||
Quart-Csrf is an extension for `Quart
|
|
||||||
<https://gitlab.com/pgjones/quart>`_ to provide CSRF protection.
|
|
||||||
The code is taked from `Flask-WTF
|
|
||||||
<https://github.com/lepture/flask-wtf>`_
|
|
||||||
|
|
||||||
Usage
|
|
||||||
-----
|
|
||||||
|
|
||||||
To enable CSRF protection globally for a Quart app, you have to create an CSRFProtect and
|
|
||||||
initialise it with the application,
|
|
||||||
|
|
||||||
.. code-block:: python
|
|
||||||
|
|
||||||
from quart_csrf import CSRFProtect
|
|
||||||
|
|
||||||
app = Quart(__name__)
|
|
||||||
CSRFProtect(app)
|
|
||||||
|
|
||||||
or via the factory pattern,
|
|
||||||
|
|
||||||
.. code-block:: python
|
|
||||||
|
|
||||||
csrf = CSRFProtect()
|
|
||||||
|
|
||||||
def create_app():
|
|
||||||
app = Quart(__name__)
|
|
||||||
csrf.init_app(app)
|
|
||||||
return app
|
|
||||||
|
|
||||||
Note: CSRF protection requires a secret key to securely sign the token. By default this will
|
|
||||||
use the QUART app's SECRET_KEY. If you'd like to use a separate token you can set QUART_CSRF_SECRET_KEY.
|
|
||||||
|
|
||||||
HTML Forms: render a hidden input with the token in the form.
|
|
||||||
|
|
||||||
.. code-block:: html
|
|
||||||
|
|
||||||
<form method="post">
|
|
||||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
|
|
||||||
</form>
|
|
||||||
|
|
||||||
JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token.
|
|
||||||
|
|
||||||
.. code-block:: html
|
|
||||||
|
|
||||||
<meta name="csrf-token" content="{{ csrf_token() }}">
|
|
||||||
|
|
||||||
<script>
|
|
||||||
var csrf_token = $('meta[name=csrf-token]').attr('content'); // "{{ csrf_token() }}";
|
|
||||||
|
|
||||||
$.ajaxSetup({
|
|
||||||
beforeSend: function(xhr, settings) {
|
|
||||||
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
|
|
||||||
xhr.setRequestHeader("X-CSRFToken", csrf_token);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
</script>
|
|
||||||
|
|
||||||
Contributing
|
|
||||||
------------
|
|
||||||
|
|
||||||
Quart-Csrf is developed on `GitLab
|
|
||||||
<https://gitlab.com/wcorrales/quart-csrf>`_. You are very welcome to
|
|
||||||
open `issues <https://gitlab.com/wcorrales/quart-csrf/issues>`_ or
|
|
||||||
propose `merge requests
|
|
||||||
<https://gitlab.com/wcorrales/quart-csrf/merge_requests>`_.
|
|
||||||
|
|
||||||
Help
|
|
||||||
----
|
|
||||||
|
|
||||||
This README is the best place to start, after that try opening an
|
|
||||||
`issue <https://gitlab.com/wcorrales/quart-csrf/issues>`_.
|
|
||||||
Loading…
x
Reference in New Issue
Block a user