Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge branch 'master' of github.com:Pylons/pyramid

  • Loading branch information...
commit 571f1b6836bec084feec70ccf1e0fb8ced0af317 2 parents 768ae5b + b402b9d
@mcdonc mcdonc authored
Showing with 3 additions and 2 deletions.
  1. +3 −2 pyramid/session.py
View
5 pyramid/session.py
@@ -83,8 +83,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):
def check_csrf_token(request, token='csrf_token', raises=True):
""" Check the CSRF token in the request's session against the value in
- ``request.params.get(token)``. If ``token`` is not supplied, the string
- value ``csrf_token`` will be used as the token value. If the value in
+ ``request.params.get(token)``. If a ``token`` keyword is not supplied
+ to this function, the string ``csrf_token`` will be used to look up
+ the token within ``request.params``. If the value in
``request.params.get(token)`` doesn't match the value supplied by
``request.session.get_csrf_token()``, and ``raises`` is ``True``, this
function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest`
Please sign in to comment.
Something went wrong with that request. Please try again.