Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mechanism for plugins to exclude certain paths from CSRF checks #1377

Closed
simonw opened this issue Jun 15, 2021 · 3 comments
Closed

Mechanism for plugins to exclude certain paths from CSRF checks #1377

simonw opened this issue Jun 15, 2021 · 3 comments

Comments

@simonw
Copy link
Owner

simonw commented Jun 15, 2021

I need this for a plugin I'm building that offers a POST API.

@simonw
Copy link
Owner Author

simonw commented Jun 15, 2021

The new skip_if_scope mechanism in asgi-csrf simonw/asgi-csrf#20 is designed to help here.

Now I need to design a plugin hook that allows plugins to have an opinion on whether a specific scope should have CSRF skipped.

@simonw
Copy link
Owner Author

simonw commented Jun 15, 2021

Potential hook names:

  • skip_csrf(scope, datasette)
  • ... I can't think of any other ones I would tolerate to be honest

@simonw
Copy link
Owner Author

simonw commented Jun 23, 2021

@simonw simonw closed this as completed Jun 23, 2021
simonw added a commit that referenced this issue Jun 24, 2021
simonw added a commit that referenced this issue Jul 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant