Quart CSRF Protection

Quart-Csrf

Quart-Csrf is an extension for Quart to provide CSRF protection. The code is taken from Flask-WTF.

Usage

To enable CSRF protection globally for a Quart app, create a CSRFProtect instance and initialise it with the application,

from quart import Quart
from quart_csrf import CSRFProtect

app = Quart(__name__)
CSRFProtect(app)

or via the factory pattern,

csrf = CSRFProtect()

def create_app():
    app = Quart(__name__)
    csrf.init_app(app)
    return app

Note: CSRF protection requires a secret key to securely sign the token. By default this is the Quart app's SECRET_KEY. To sign CSRF tokens with a separate key, set QUART_CSRF_SECRET_KEY.
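To show why the signing key matters, here is an added example (not Quart-Csrf's own code and not taken from the project) of a generic session-bound, HMAC-signed token built on the standard library. The function names, the `csrf_raw` session key, the one-hour limit and the sample key are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

def _sign(secret_key: bytes, payload: str) -> str:
    return hmac.new(secret_key, payload.encode(), hashlib.sha256).hexdigest()

def generate_csrf(secret_key: bytes, session: dict, now=None) -> str:
    """Return '<timestamp>.<signature>'; the random value never leaves the session."""
    # 'csrf_raw' is a hypothetical session key chosen for this sketch.
    raw = session.setdefault("csrf_raw", secrets.token_hex(20))
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(secret_key, f'{ts}.{raw}')}"

def validate_csrf(secret_key, session, token, time_limit=3600, now=None) -> bool:
    """Accept only an unexpired token signed with this key for this session."""
    raw = session.get("csrf_raw")
    if not raw or not isinstance(token, str) or not token.isascii():
        return False
    ts, sep, sig = token.partition(".")
    if not sep or not ts.isdigit():
        return False
    expected = _sign(secret_key, f"{ts}.{raw}")
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(sig, expected):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= time_limit

def demo() -> dict:
    """Run constructed cases: same key and session passes, everything else fails."""
    key, session = b"constructed-secret-key", {}
    token = generate_csrf(key, session, now=1_000)
    sig = token.split(".")[1]
    return {
        "valid": validate_csrf(key, session, token, now=1_500),
        "different_key": validate_csrf(b"other-key", session, token, now=1_500),
        "different_session": validate_csrf(key, {"csrf_raw": "abc"}, token, now=1_500),
        "expired": validate_csrf(key, session, token, now=1_000 + 3_601),
        "forged_timestamp": validate_csrf(key, session, f"4000.{sig}", now=4_100),
        "missing_token": validate_csrf(key, session, None, now=1_500),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Changing the signing key invalidates every token already issued, which is what the `different_key` case shows.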

HTML Forms: render a hidden input with the token in the form.

<form method="post">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>

JavaScript Requests: When sending an AJAX request, add the X-CSRFToken header to it. For example, in jQuery you can configure all requests to send the token.

<meta name="csrf-token" content="{{ csrf_token() }}">

<script>
    var csrf_token = $('meta[name=csrf-token]').attr('content');
    // var csrf_token = "{{ csrf_token() }}";

    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrf_token);
            }
        }
    });
</script>

Contributing

Quart-Csrf is developed on GitLab. You are very welcome to open issues or propose merge requests.

Help

This README is the best place to start; after that, try opening an issue.

Download files

Source Distribution

quart-csrf-0.2.tar.gz (5.1 kB)

Uploaded Source

Built Distribution

quart_csrf-0.2-py3-none-any.whl (6.2 kB)

Uploaded Python 3
