Protection from CSRF attacks for Sanic framework

### sanic_csrf

Works with all modern web browsers that support SameSite cookies
(Firefox 60, Google Chrome 51, Opera 39 and later).

Checks each request for a CSRF token.
If the CSRF token is absent or invalid:
- for a GET request, it sets a new token in a cookie and redirects to the same page;
- in all other cases, it raises a 403 (Forbidden) exception.

Requires a session middleware to be installed.
The session plugin must expose this interface:
```python
value = request['session'].get('variable')  # or: request['session']['variable']
request['session']['variable'] = 4
```
For example, these will fit:
- 'sanic_session' (https://github.com/subyraman/sanic_session);
- 'sanic_session' (https://github.com/vlad1777d/sanic_session),
  a fork of the previous one with more convenient middleware installation
  that can be used without installing the package.
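
The check described above, sketched without Sanic as an added example; it is not sanic_csrf's own code. The cookie name, the session key, the HttpOnly and Path attributes, and the comparison of the cookie against a token kept in the session are assumptions; only the GET redirect, the 403 for other methods and the SameSite cookie come from the description.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "csrf_token"   # assumed cookie name, not taken from sanic_csrf
SESSION_KEY = "csrf_token"   # assumed session key, not taken from sanic_csrf


def token_is_valid(session, cookies):
    """True only when the cookie token matches the one stored in the session."""
    expected = session.get(SESSION_KEY)
    presented = cookies.get(COOKIE_NAME)
    if not expected or not presented:
        return False
    # Compare as bytes in constant time; encoding first also keeps a
    # non-ASCII cookie value from raising TypeError in compare_digest.
    return hmac.compare_digest(expected.encode(), presented.encode())


def build_cookie(token):
    """Set-Cookie value; SameSite=Strict keeps it off cross-site requests."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    cookie[COOKIE_NAME]["samesite"] = "Strict"
    cookie[COOKIE_NAME]["httponly"] = True
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def check_request(method, path, session, cookies):
    """Return (status, headers) to short-circuit the request, or None to pass it on."""
    if token_is_valid(session, cookies):
        return None
    if method.upper() == "GET":
        token = secrets.token_urlsafe(32)
        session[SESSION_KEY] = token
        # Collapse leading slashes so the Location header can never be
        # read as a scheme-relative URL pointing at another host.
        location = "/" + path.lstrip("/")
        return 302, {"Location": location, "Set-Cookie": build_cookie(token)}
    return 403, {}
```
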


## Example

A simple example:


```python
from sanic import Sanic
from sanic.response import text
import sanic_session
import sanic_csrf


app = Sanic()
# the session middleware must be installed for sanic_csrf to work
sanic_session.install_middleware(app, 'InMemorySessionInterface')
sanic_csrf.install_middleware(app)


@app.route("/")
async def index(request):
    # interact with the session like a normal dict
    if not request['session'].get('foo'):
        request['session']['foo'] = 0

    request['session']['foo'] += 1

    # text() expects a string, so convert the counter explicitly
    return text(str(request['session']['foo']))

if __name__ == "__main__":
    # debug=True on all interfaces is for local development only
    app.run(host="0.0.0.0", port=8000, debug=True)
```

Source Distribution

sanic_csrf-0.1.3.tar.gz (2.3 kB)