OK, I switched to Pyramid 1.9.1 (using CookieCSRFStoragePolicy, and
setting default CSRF options with require_csrf=True) and everything seems
to be OK!
I just added JavaScript code to always add my token (received as a cookie) as
an "X-CSRF-Token" header to every POST request...

Best regards,
Thierry

2017-12-12 23:43 GMT+01:00 Bert JW Regeer <xiste...@0x58.com>:

> I’m trying to follow what you are saying… and none of it is making any
> sense.
>
>
> On Dec 12, 2017, at 12:15, Jonathan Vanasco <jonat...@findmeon.com> wrote:
>
> You're absolutely correct. I used a very bad choice of words and should
> have been specific because I was thinking of something weird. I meant to
> refer to using the new storage policy to implement the "encrypted token
> pattern", which basically bootstraps a micro session into a first dedicated
> csrf cookie, then programmatically constructing a request with a second
> cookie set by the client.
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pylons-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to pylons-discuss@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/pylons-discuss/49f94c31-af2a-43ba-8305-cf75f3092b36%
> 40googlegroups.com
> <https://groups.google.com/d/msgid/pylons-discuss/49f94c31-af2a-43ba-8305-cf75f3092b36%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
http://www.imagesdusport.com -- http://www.ztfy.org
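
Added example (not code from this thread or from Pyramid): a client-side sketch of the setup described in the message above, copying the CSRF cookie into the "X-CSRF-Token" header. It goes beyond POST to every non-safe method, and it skips cross-origin URLs so the token is never sent to another site. The cookie name `csrf_token` and the helper names are assumptions; the cookie must be readable by script (not HttpOnly).

```javascript
// Assumptions: cookie name "csrf_token" (adjust to the cookie_name your
// CookieCSRFStoragePolicy uses); header name as given in the message.
const CSRF_COOKIE = "csrf_token";
const CSRF_HEADER = "X-CSRF-Token";
// Methods that do not change state and therefore need no token.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Return the value of one cookie from a document.cookie-style string,
// or null when the cookie is absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Build the header object for a request. The token is attached only when
// the method is state-changing AND the target is same-origin, so it is
// never disclosed to a third-party host. Expects plain-object headers.
function csrfHeaders(url, init, cookieString, pageOrigin) {
  const headers = { ...(init.headers || {}) };
  const method = (init.method || "GET").toUpperCase();
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (!SAFE_METHODS.has(method) && sameOrigin && token !== null) {
    headers[CSRF_HEADER] = token;
  }
  return headers;
}

// Browser wrapper: use in place of fetch() for application requests.
function csrfFetch(url, init = {}) {
  const headers = csrfHeaders(url, init, document.cookie, window.location.origin);
  return fetch(url, { ...init, headers, credentials: "same-origin" });
}
```

If the cookie is missing, the request goes out without the header and a server configured with require_csrf=True rejects it, which is the intended failure mode.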
