Browse files

Merge pull request #699 from davidjb/master

Clarify documentation for pyramid.session.check_csrf_token function
  • Loading branch information...
2 parents 768ae5b + ccf286e commit b402b9d7b4cbae595fcf872780a0364f204dd79c @mcdonc mcdonc committed Oct 2, 2012
Showing with 3 additions and 2 deletions.
  1. +3 −2 pyramid/
5 pyramid/
@@ -83,8 +83,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):
def check_csrf_token(request, token='csrf_token', raises=True):
""" Check the CSRF token in the request's session against the value in
- ``request.params.get(token)``. If ``token`` is not supplied, the string
- value ``csrf_token`` will be used as the token value. If the value in
+ ``request.params.get(token)``. If a ``token`` keyword is not supplied
+ to this function, the string ``csrf_token`` will be used to look up
+ the token within ``request.params``. If the value in
``request.params.get(token)`` doesn't match the value supplied by
``request.session.get_csrf_token()``, and ``raises`` is ``True``, this
function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest`

0 comments on commit b402b9d

Please sign in to comment.