
Implement CSRF

Open ericecook opened this issue 11 years ago • 6 comments

ericecook avatar Jul 03 '13 06:07 ericecook

Just as a side note we probably want to figure out how to handle Django csrf since it's by default enabled. I had to disable it in the Django example to make it work. Although perhaps it would be good to split that task off into another issue.

icook avatar Jul 03 '13 06:07 icook

This has been pushed back since it requires a server-side persistence layer, or session connectivity. A cross-framework compatibility layer will need to be written to facilitate this, so it will likely come with the release of 0.3.

icook avatar Jul 19 '13 17:07 icook

To be honest, I think this should NOT be yota's responsibility. Otherwise it becomes very hard to remain framework agnostic.

prologic avatar Sep 06 '13 01:09 prologic

Agreed. What Isaac and I have discussed is a separate library (currently calling it pysistor) to handle framework agnostic persistence. Persistence is actually extremely useful to a form library, notably for things like csrf and captchas. Getting that allows for setting up captchas very rapidly, something which currently is a pretty big pain for most form libraries.

Pysistor itself is designed to be framework and backend agnostic, and is basically done, mostly just ironing out implementation details. Isaac can tell you more about it if you want, I don't think it's on github yet.

ericecook avatar Sep 06 '13 19:09 ericecook

It actually is on github, it's just really green. I have a big update that I'll push in a few mins, gotta fix the broken tests first.

https://github.com/icook/pysistor

And yeah if I wasn't already making this for captchas I agree it would be of questionable time/value tradeoff.

icook avatar Sep 06 '13 19:09 icook

Sounds great. I'll check it out :)

James Mills / prologic

E: [email protected] W: prologic.shortcircuit.net.au


prologic avatar Sep 06 '13 23:09 prologic