CSRFConfig class¶
Reference for the CSRFConfig class object and how to use it.
Read more about how to use the CSRFConfig in your application and leverage the system.
How to import¶
from esmerald import CSRFConfig
Bases: BaseModel
An instance of CRSFConfig.
This configuration is passed to the CSRFMiddleware and enables the middleware.
Tip
You can creatye your own CRSFMiddleware version and pass your own
configurations. You don't need to use the built-in version although it
is recommended to do it so.
Example
from esmerald import Esmerald
from esmerald.config import CSRFConfig
csrf_config = CSRFConfig(secret="your-long-unique-secret")
app = Esmerald(csrf_config=csrf_config)
instance-attribute
¶
secret
The string used for the encryption/decryption and used to create an HMAC to sign the CSRF token.
Tip
It is advised to use the same secret as the one in the settings to make it consistent.
class-attribute
instance-attribute
¶
cookie_name = 'csrftoken'
The name of the CSRF cookie.
class-attribute
instance-attribute
¶
header_name = 'X-CSRFToken'
The header expected that will be expected in each request.
class-attribute
instance-attribute
¶
secure = False
Boolean flag when enabled sets Secure on the cookie.
class-attribute
instance-attribute
¶
httponly = False
Boolean flag when enabled sets the cookie to be httpsOnly.
class-attribute
instance-attribute
¶
samesite = 'lax'
The value to set in the SameSite attribute of the cookie.
class-attribute
instance-attribute
¶
domain = None
Specifies which hosts can receive the cookie.
class-attribute
instance-attribute
¶
safe_methods = {'GET', 'HEAD'}
A set of allowed safe methods that can set the cookie.