On Monday, December 4, 2017 at 3:31:19 PM UTC-5, Michael Merickel wrote: > > > I'm in the process of migrating to the new cookie based csrf policy, > and it doesn't seem like there is an easy way to run different tokens on > HTTP vs HTTPS short of writing a new ICSRFStoragePolicy utility and > plugin. Has anyone worked on this before? > > Specialized use-cases are the reason we added the ability to provide a > custom storage policy. You'll probably want to write one. >
Thanks, Michael! I didn't really think this was that specialized, and wanted to ensure I wasn't missing anything obvious. Building a custom policy is pretty easy - it only took about 30 minutes to prototype with unit tests. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/9ec87cfb-ca98-41b8-a632-884c84e19e0d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.