From d1de4f537be60269bc12d4456b444e00ed9a998a Mon Sep 17 00:00:00 2001 From: Wagner Corrales Date: Tue, 10 Nov 2020 02:39:09 +0000 Subject: [PATCH] Upload New File --- README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..9914e22 --- /dev/null +++ b/README.md @@ -0,0 +1,67 @@ +Quart-Csrf +========== + +Quart-Csrf is an extension for [Quart](https://gitlab.com/pgjones/quart) to provide CSRF protection. +The code is taked from [Flask-WTF](https://github.com/lepture/flask-wtf) + +Usage +----- + +To enable CSRF protection globally for a Quart app, you have to create an CSRFProtect and +initialise it with the application, +```python + from quart_csrf import CSRFProtect + + app = Quart(__name__) + CSRFProtect(app) +``` + +or via the factory pattern, +```python + csrf = CSRFProtect() + + def create_app(): + app = Quart(__name__) + csrf.init_app(app) + return app +``` + +Note: CSRF protection requires a secret key to securely sign the token. By default this will +use the QUART app's SECRET_KEY. If you'd like to use a separate token you can set QUART_CSRF_SECRET_KEY. + +HTML Forms: render a hidden input with the token in the form. +```html +
+ +
+``` + +JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token. +```javascript + + + +``` + +Contributing +------------ + +Quart-Csrf is developed on [GitLab](https://gitlab.com/wcorrales/quart-csrf). You are very welcome to +open [issues](https://gitlab.com/wcorrales/quart-csrf/issues) or +propose [merge requests](https://gitlab.com/wcorrales/quart-csrf/merge_requests). + +Help +---- + +This README is the best place to start, after that try opening an +[issue](https://gitlab.com/wcorrales/quart-csrf/issues).