Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ondratu/csrf-protect
Simple concept of csrf protection in python
Last synced: 28 days ago
- Host: GitHub
- URL: https://github.com/ondratu/csrf-protect
- Owner: ondratu
- Created: 2015-12-06T19:11:50.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2015-12-07T19:27:23.000Z (about 9 years ago)
- Last Synced: 2024-10-24T10:43:40.119Z (2 months ago)
- Language: Python
- Size: 2.93 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.rst
README
csrf-protect
============

* CSRF definition on Wikipedia

Very simple library for CSRF protection.

The core of this library is a secret server key, which is used to generate the token; a user hash, which is generated when the user logs in; and a reference string, which could be the HTTP referer, for example.

Each new token is generated on the page from which new requests are allowed, and each method checks whether the original token is the same as the one generated for the same path.

.. code-block:: python

    @app.route('/')
    def root_uri(req):
        # permanent token from user cookie hash (must be protected/encrypted)
        token = get_token(secret, cookie.data['hash'], referer)

    @app.route('/')
    def root_uri(req):
        # same example, but the token expires after 10 - 19 minutes
        token = get_token(secret, cookie.data['hash'], referer, 10)

    @app.route('/protected')
    def protected(req):
        cookie_hash = cookie.data.get('hash')
        token = req.args.get('token')
        referer = req.referer.split('?')[0]

        # permanent token check
        if not check_token(token, secret, cookie_hash, referer):
            raise Exception('token failed')

        # token with time to live information
        if not check_token(token, secret, cookie_hash, referer, 10):
            raise Exception('token failed')
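The scheme the README describes (server secret + user hash + reference string, optionally time-limited) can be sketched as follows. This is an added example, not the library's own code: `make_token` and `verify_token` are hypothetical names that mirror the argument order of `get_token` and `check_token`, and the HMAC-SHA256 construction and time-bucket expiry are assumptions about one way to get the behaviour described.

```python
import hashlib
import hmac
import time


def _digest(secret, user_hash, reference, bucket=""):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (user_hash, reference, str(bucket))
    msg = "".join(f"{len(f)}:{f}" for f in fields)
    return hmac.new(secret.encode(), msg.encode(), hashlib.sha256).hexdigest()


def _bucket(timeout, now):
    # Index of the current time window; timeout is in minutes.
    now = time.time() if now is None else now
    return int(now // (timeout * 60))


def make_token(secret, user_hash, reference, timeout=None, now=None):
    """Permanent token when timeout is None, otherwise bound to a time window."""
    if timeout is None:
        return _digest(secret, user_hash, reference)
    return _digest(secret, user_hash, reference, _bucket(timeout, now))


def verify_token(token, secret, user_hash, reference, timeout=None, now=None):
    """Recompute the expected token(s) server-side and compare in constant time."""
    if not token or not user_hash:
        return False  # missing token or no logged-in user: reject
    if timeout is None:
        expected = [_digest(secret, user_hash, reference)]
    else:
        # Accept the current and the previous window, so a token lives
        # between `timeout` and just under 2 * `timeout` minutes.
        b = _bucket(timeout, now)
        expected = [_digest(secret, user_hash, reference, x) for x in (b, b - 1)]
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input.
    results = [hmac.compare_digest(token.encode(), e.encode()) for e in expected]
    return any(results)
```

Because the token is recomputed from the secret on every check, nothing is stored server-side; the trade-off is that a permanent token stays valid for as long as the user hash and secret do.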