On Sun, Apr 17, 2016 at 5:45 AM, Christoph Zwerschke wrote:
> Any recommendation for a simple session factory just to support CSRF
> protection? I'm asking because the default session is unencrypted and not
> recommended when security is important, and pyramid_redis/beaker don't
Am 16.04.2016 um 23:27 schrieb Michael Merickel:
- You may also set "pyramid.require_default_csrf = yes" to globally
enable CSRF on your entire application and turn it off on a per-view
basis using "require_csrf=False" on individual views.
This requires to enable a session factory, though. I