On Mon, Sep 25, 2017 at 10:40 PM, Mike Orr wrote:
> On Mon, Sep 25, 2017 at 9:00 PM, Mike Orr wrote:
>> On Mon, Sep 25, 2017 at 5:47 PM, Michael Merickel wrote:
So what's the best way forward?
>>>
>>> I think you covered your options pretty well.
>>>
>>> 1) Set wsgi.url_scheme to "http" as
On Mon, Sep 25, 2017 at 9:00 PM, Mike Orr wrote:
> On Mon, Sep 25, 2017 at 5:47 PM, Michael Merickel wrote:
>>> So what's the best way forward?
>>
>> I think you covered your options pretty well.
>>
>> 1) Set wsgi.url_scheme to "http" as origin checks are only done on https.
>> 2) Set the pyramid
On Mon, Sep 25, 2017 at 5:47 PM, Michael Merickel wrote:
>> So what's the best way forward?
>
> I think you covered your options pretty well.
>
> 1) Set wsgi.url_scheme to "http" as origin checks are only done on https.
> 2) Set the pyramid.csrf_trusted_origins as you are doing now.
> 3) Disable c
> So what's the best way forward?
I think you covered your options pretty well.
1) Set wsgi.url_scheme to "http" as origin checks are only done on https.
2) Set the pyramid.csrf_trusted_origins as you are doing now.
3) Disable csrf checking for your tests.
I think it's just a helpful reminder th
I have a Pyramid application which recently upgraded its login view to
do CSRF checking. I set 'require_csrf=True' in the view config. I
didn't set any of the configurator options for csrf so it defaults to
session storage, which is 'pyramid_redis_sessions'.
The application works fine but when I r