websauna.system.form.csrf module

class websauna.system.form.csrf.CSRFSchema(*arg, **kw)

Bases: colander.Schema

Schema base class that generates a CSRF token.


.. code-block:: python

  from websauna.system.form.schema import CSRFSchema
  import colander

  class MySchema(CSRFSchema):
      my_value = colander.SchemaNode(colander.String())

And in your application code, *bind* the schema, passing the request as a keyword argument:

.. code-block:: python

  def aview(request):
      schema = MySchema().bind(request=request)

The token is then verified automatically by Pyramid's CSRF view deriver.

Original code: https://github.com/Pylons/pyramid_deform/blob/master/pyramid_deform/__init__.py


Add a hidden csrf_token field on the existing Colander schema.