Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #112 from longhotsummer/master
Install csrf_token() for all template types.
  • Loading branch information
lepture committed Feb 15, 2014
2 parents 32ab9b4 + 8e5998c commit 69d9eaf
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 2 deletions.
2 changes: 1 addition & 1 deletion flask_wtf/__init__.py
Expand Up @@ -16,4 +16,4 @@
from .csrf import CsrfProtect
from .recaptcha import *

__version__ = '0.9.4'
__version__ = '0.9.5'
6 changes: 5 additions & 1 deletion flask_wtf/csrf.py
Expand Up @@ -130,9 +130,13 @@ def __init__(self, app=None):
self.init_app(app)

def init_app(self, app):
app.jinja_env.globals['csrf_token'] = generate_csrf
app.config.setdefault('WTF_CSRF_SSL_STRICT', True)
app.config.setdefault('WTF_CSRF_ENABLED', True)

# expose csrf_token as a helper in all templates
@app.context_processor
def csrf_token():
return dict(csrf_token=generate_csrf)

@app.before_request
def _csrf_protect():
Expand Down
8 changes: 8 additions & 0 deletions tests/templates/csrf.html
@@ -0,0 +1,8 @@

<!DOCTYPE html>

<html>
<body>
token: {{ csrf_token() }}
</body>
</html>
8 changes: 8 additions & 0 deletions tests/test_csrf.py
Expand Up @@ -184,3 +184,11 @@ def test_validate_csrf(self):
assert not validate_csrf('ff##dd')
csrf_token = generate_csrf()
assert validate_csrf(csrf_token)

def test_csrf_token_helper(self):
@self.app.route("/token")
def withtoken():
return render_template("csrf.html")

response = self.client.get('/token')
assert re.compile('token: [a-zA-Z0-9#.]{3,}').search(response.data)

0 comments on commit 69d9eaf

Please sign in to comment.