CSRF

CSRF Middleware.

CSRFMiddleware

CSRF Middleware.

For GET requests, set a random token as a cookie. For unsafe HTTP methods, require an HTTP header to match the cookie value; otherwise the request is rejected.

This uses the Double Submit Cookie style of CSRF prevention. For more information:

  • Double Submit Cookie
  • Use of custom request headers

Warning

This is currently intended only for use with AJAX, since the CSRF token needs to be added to the request header.
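
The double-submit check described above, as an added sketch that is not Turbulette's own code: it issues the token cookie on safe requests and accepts an unsafe request only when the header repeats the cookie value. The cookie name, header name, token length and the treatment of HEAD, OPTIONS and TRACE as safe methods are assumptions, not values from this page.

```python
import hmac
import secrets
from string import ascii_letters, digits

# Assumed values: the page gives no cookie name, header name or token length.
COOKIE_NAME = "csrftoken"
HEADER_NAME = "x-csrftoken"
TOKEN_LENGTH = 32
ALPHABET = ascii_letters + digits
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def new_token() -> str:
    """Random token of ASCII letters and digits drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))


def well_formed(token) -> bool:
    """True only for a string of the expected length and alphabet."""
    return (
        isinstance(token, str)
        and len(token) == TOKEN_LENGTH
        and all(c in ALPHABET for c in token)
    )


def check_request(method: str, cookies: dict, headers: dict):
    """Return (allowed, cookie_to_set) for one request.

    Safe methods pass and receive a token cookie if they lack a valid one.
    Unsafe methods pass only when the header repeats the cookie value.
    """
    cookie = cookies.get(COOKIE_NAME)
    if method.upper() in SAFE_METHODS:
        return True, (None if well_formed(cookie) else new_token())
    # Header names are case-insensitive, so normalise before the lookup.
    header = {k.lower(): v for k, v in headers.items()}.get(HEADER_NAME)
    if not (well_formed(cookie) and well_formed(header)):
        return False, None  # missing or malformed token: reject
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(cookie, header), None
```

Rejecting malformed values before the comparison also keeps an empty cookie paired with an empty header from counting as a match.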

SubmitMethod

Authorized methods to use when transmitting the CSRF token.

  • HEADER
  • FORM

get_new_token()

Generate a CSRF token.

The CSRF token is composed of ASCII letters and digits only.

Returns:

Type    Description
str     The CSRF token

Source code in turbulette/middleware/csrf.py
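from string import ascii_letters, digits

# get_random_string and CSRF_TOKEN_LENGTH are defined elsewhere in the
# project and are not shown in this excerpt.


def get_new_token() -> str:
    """Generate a CSRF token.

    The CSRF token is composed of ASCII letters and digits only.

    Returns:
        The CSRF token
    """
    return get_random_string(CSRF_TOKEN_LENGTH, ascii_letters + digits)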

Last update: 2021-02-18