On Tue, Jun 20, 2017 at 11:38 AM, Mike Orr <sluggos...@gmail.com> wrote:
> > has anyone written a migration guide for the CSRF stuff yet? > > One question is, how do you configure one handling class or another? > How is the default legacy handler set, and will it always be so or > should we do something to future-proof our application? Just start using the new pyramid.csrf APIs instead of request.session.get_csrf_token() etc and things will work with any policy instead of just the legacy one. The get_csrf_token() function is injected into templates as well for convenience in writing forms. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwFiuA%2BDWf0S3TPUHTHD98Firx5vjNzfWPRUUS4ZCagwbA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.