CSRFConfig
class¶
Warning
The current page still doesn't have a translation for this language.
But you can help translating it: Contributing.
Reference for the CSRFConfig
class object and how to use it.
Read more about how to use the CSRFConfig in your application and leverage the system.
How to import¶
from esmerald import CSRFConfig
esmerald.config.csrf.CSRFConfig
¶
Bases: BaseModel
An instance of CRSFConfig.
This configuration is passed to the CSRFMiddleware and enables the middleware.
Tip
You can creatye your own CRSFMiddleware
version and pass your own
configurations. You don't need to use the built-in version although it
is recommended to do it so.
Example
from esmerald import Esmerald
from esmerald.config import CSRFConfig
csrf_config = CSRFConfig(secret="your-long-unique-secret")
app = Esmerald(csrf_config=csrf_config)
secret
instance-attribute
¶
secret
The string used for the encryption/decryption and used to create an HMAC to sign the CSRF token.
Tip
It is advised to use the same secret as the one in the settings to make it consistent.
cookie_name
class-attribute
instance-attribute
¶
cookie_name = 'csrftoken'
The name of the CSRF cookie.
header_name
class-attribute
instance-attribute
¶
header_name = 'X-CSRFToken'
The header expected that will be expected in each request.
secure
class-attribute
instance-attribute
¶
secure = False
Boolean flag when enabled sets Secure
on the cookie.
httponly
class-attribute
instance-attribute
¶
httponly = False
Boolean flag when enabled sets the cookie to be httpsOnly
.
samesite
class-attribute
instance-attribute
¶
samesite = 'lax'
The value to set in the SameSite
attribute of the cookie.
domain
class-attribute
instance-attribute
¶
domain = None
Specifies which hosts can receive the cookie.
safe_methods
class-attribute
instance-attribute
¶
safe_methods = {'GET', 'HEAD'}
A set of allowed safe methods that can set the cookie.