Protection from CSRF attacks for Sanic framework
### sanic_csrf
Works with all modern web browsers that support SameSite cookies (Firefox 60, Google Chrome 51, Opera 39 and later).

The middleware checks each request for a CSRF token. If the token is absent or invalid:

- for a GET request, it sets a new token in a cookie and redirects to the same page;
- in all other cases, it raises a 403 (Forbidden) exception.

Requires a session middleware to be installed. The session plugin must expose this interface:
```python
# reading a value: either form must work
request['session'].get('variable')
request['session']['variable']

# writing a value
request['session']['variable'] = 4
```
For example, these will fit:
- 'sanic_session' (https://github.com/subyraman/sanic_session);
- 'sanic_session' (https://github.com/vlad1777d/sanic_session), a fork of the previous one with more convenient middleware installation, which can be used without package installation.
## Example
A simple example:
```python
from sanic import Sanic
from sanic.response import text
import sanic_session
import sanic_csrf

app = Sanic()

# The session middleware must be installed first: sanic_csrf relies on request['session']
sanic_session.install_middleware(app, 'InMemorySessionInterface')
sanic_csrf.install_middleware(app)


@app.route("/")
async def index(request):
    # interact with the session like a normal dict
    if not request['session'].get('foo'):
        request['session']['foo'] = 0

    request['session']['foo'] += 1

    # text() expects a string body
    return text(str(request['session']['foo']))


if __name__ == "__main__":
    # debug=True and binding to 0.0.0.0 are for local testing only
    app.run(host="0.0.0.0", port=8000, debug=True)
```
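The decision logic described above (valid token passes, GET gets a fresh token and a redirect, anything else gets 403), modelled without Sanic as an added example; this is not sanic_csrf's own code. The cookie name, the session key, the `SameSite=Strict` value and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "csrf_token"   # assumed cookie name, not taken from sanic_csrf
SESSION_KEY = "csrf_token"   # assumed session key, not taken from sanic_csrf
SAMESITE = "Strict"          # assumed value; the page only says "SameSite cookies"


def build_cookie(token):
    """Serialize the token cookie so browsers withhold it on cross-site requests."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    jar[COOKIE_NAME]["samesite"] = SAMESITE   # needs Python 3.8+
    jar[COOKIE_NAME]["httponly"] = True
    jar[COOKIE_NAME]["path"] = "/"
    return jar[COOKIE_NAME].OutputString()


def check_csrf(method, path, cookie_header, session):
    """Return None to let the request through, or (status, headers) to answer it.

    `session` is any dict-like object with the interface the page requires.
    """
    cookies = SimpleCookie(cookie_header or "")
    sent = cookies[COOKIE_NAME].value if COOKIE_NAME in cookies else ""
    expected = session.get(SESSION_KEY, "")

    # Constant-time comparison; an empty value on either side never matches.
    if sent and expected and hmac.compare_digest(sent.encode(), expected.encode()):
        return None

    if method.upper() == "GET":
        # Absent or invalid token on GET: issue a new one and reload the same page.
        token = secrets.token_urlsafe(32)
        session[SESSION_KEY] = token
        return 302, {"Location": path, "Set-Cookie": build_cookie(token)}

    # Absent or invalid token on any state-changing method: forbidden.
    return 403, {}


if __name__ == "__main__":
    session = {}                                            # constructed sample session
    print(check_csrf("POST", "/transfer", "", session))     # (403, {})
    status, headers = check_csrf("GET", "/transfer", "", session)
    print(status, headers["Set-Cookie"])
    cookie = COOKIE_NAME + "=" + session[SESSION_KEY]
    print(check_csrf("POST", "/transfer", cookie, session))  # None
```

A cross-site form post arrives without the SameSite cookie, so it takes the 403 branch even when the victim has a valid session.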
Source Distribution: sanic_csrf-0.1.3.tar.gz (2.3 kB)
File metadata
- Download URL: sanic_csrf-0.1.3.tar.gz
- Upload date:
- Size: 2.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: Python-urllib/3.6
File hashes

Algorithm | Hash digest
---|---
SHA256 | ba4d52f5de664e67ed21e0a59c1980e339d90a6b5412b522d6e5145ffecc90dd
MD5 | 1f8c17d6ec0b2ba11dadf1985a2b5960
BLAKE2b-256 | bd6626367389ad7b0b7197b075195a061317c6505f4d192721ba982241d872c2