/flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
  1. Python 100.0%
Python

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP
Find file
Switch branches/tags
Nothing to show
Latest commit a46c5ba Jan 3, 2017 @ninadmhatre ninadmhatre committed with Updated docs to mention TESTING mode (#68) 
I have added the Note section to mention about the TESTING mode. if TESTING = TRUE, then tokens are not generated and SeaSruf silently returns. This will cause tokens to be "None" in the HTML forms.
Permalink
Failed to load latest commit information.
docs Updated docs to mention TESTING mode (#68) Jan 4, 2017
.gitignore adding theme submodule Jun 28, 2013
.gitmodules adding theme submodule Jun 28, 2013
.travis.yml
LICENSE first commit Dec 6, 2011
README.markdown updating Travis build status link Jun 28, 2013
flask_seasurf.py Except json.get error for JSON list data Nov 16, 2016
setup.py Added Python 3 classifier to setup.py Sep 16, 2016
test_seasurf.py tests for token in header, form data, and invalid json Sep 9, 2016

README.markdown

#Flask-SeaSurf

build status

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

CSRF vulnerabilities have been found in large and popular sites such as YouTube. These attacks are problematic because the mechanism they use is relatively easy to exploit. This extension attempts to aid you in securing your application from such attacks.

This extension is based on the excellent Django middleware.

##Installation

Install the extension with one of the following commands:

$ easy_install flask-seasurf

or alternatively if you have pip installed:

$ pip install flask-seasurf

##Usage

Using SeaSurf is fairly straightforward. Begin by importing the extension and then passing your application object back to the extension, like this:

from flask.ext.seasurf import SeaSurf
csrf = SeaSurf(app)

##Documentation

The Sphinx-compiled documentation is available here: http://packages.python.org/Flask-SeaSurf/