Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Sep 9, 2015
  1. version 0.2.1

Commits on Jun 18, 2015
  1. Merge pull request #47 from killpanda/master

    add exempt url prefix support
  2. add exempt url prefix support

    killpanda authored
Commits on Nov 2, 2014
  1. Merge pull request #45 from maxcountryman/current-app

    use current_app, and _app_ctx_stack
  2. use

Commits on Oct 23, 2014
  1. fixup docstring

  2. use current_app, and _app_ctx_stack

    This removes the use of a specific app object from the extension,
    instead prefering the `current_app` proxy provided by Flask. This means
    that the use of Flask's global `g` (actually meant to be used by users
    but not extensions) is necessarily replaced by `_app_ctx_stack`. As a
    result, it is now possible to use a single instance of SeaSurf with
    multiple Flask application objects. Such an example might be with the
    factory pattern.
    Additionally a good deal of clean has happened which may not be
    backwards compatible, including removal of the helper functions `csrf`
    and `xsrf` as well as use of Python's preferred string interpolator,
    Fixes #44
Commits on Apr 29, 2014
  1. @cybertoast

    Look for CSRF token in the JSON data

    cybertoast authored committed
Commits on Nov 21, 2013
  1. Typo

    Djoume Salvetti authored
Commits on Sep 9, 2013
  1. version 0.1.22

  2. @alanhamlett
Commits on Aug 24, 2013
  1. version 0.1.21

Commits on Aug 23, 2013
  1. Merge pull request #37 from jpvanhal/cookie-flags

    Configurable HTTPOnly and secure flag for cookie
  2. @jpvanhal

    Fixed a typo

    jpvanhal authored
  3. @jpvanhal

    Configurable HTTPOnly and secure flag for cookie

    jpvanhal authored
    Added `CSRF_COOKIE_HTTPONLY` and `CSRF_COOKIE_SECURE` configuration
    parameters so that it is possible to set CSRF cookie's HTTPOnly and
    secure flags on.
Commits on Jul 17, 2013
  1. version 0.1.20

  2. @FSX

    Added Python 3 support.

    FSX authored committed
Commits on Jul 11, 2013
  1. version 0.1.19

  2. @alanhamlett

    should not check for CSRF token when the route for the request does n…

    alanhamlett authored committed
    …ot exist. This can happen for example when a non-GET request will generate a 404 not found response.
Commits on Jul 9, 2013
  1. Merge pull request #32 from alanhamlett/master

    Use view.__module__ and view.__name__ for exclude and include decorators
  2. @alanhamlett
Commits on Jun 28, 2013
  1. version 0.1.18

  2. adding theme submodule

    authored committed
Commits on Jun 26, 2013
  1. removing docs/_build

Commits on Jun 25, 2013
  1. version 0.1.17

  2. @zdexter

    Remove Jinja2 dependency by always setting the CSRF token if the requ…

    zdexter authored committed
    …est's endpoint should be protected.
Commits on Apr 7, 2013
  1. version 0.1.16

  2. Merge pull request #27 from ryankshaw/patch-1

    allow cross-domain ajax over https
Something went wrong with that request. Please try again.