Skip to content

CSRFConfig class

Reference for the CSRFConfig class object and how to use it.

Read more about how to use the CSRFConfig in your application and leverage the system.

How to import

from esmerald import CSRFConfig


Bases: BaseModel

An instance of CRSFConfig.

This configuration is passed to the CSRFMiddleware and enables the middleware.


You can creatye your own CRSFMiddleware version and pass your own configurations. You don't need to use the built-in version although it is recommended to do it so.


from esmerald import Esmerald
from esmerald.config import CSRFConfig

csrf_config = CSRFConfig(secret="your-long-unique-secret")

app = Esmerald(csrf_config=csrf_config)

secret instance-attribute


The string used for the encryption/decryption and used to create an HMAC to sign the CSRF token.


It is advised to use the same secret as the one in the settings to make it consistent.

cookie_name class-attribute instance-attribute

cookie_name = 'csrftoken'

The name of the CSRF cookie.

cookie_path class-attribute instance-attribute

cookie_path = '/'

Name path of the CSRF cookie.

header_name class-attribute instance-attribute

header_name = 'X-CSRFToken'

The header expected that will be expected in each request.

secure class-attribute instance-attribute

secure = False

Boolean flag when enabled sets Secure on the cookie.

httponly class-attribute instance-attribute

httponly = False

Boolean flag when enabled sets the cookie to be httpsOnly.

samesite class-attribute instance-attribute

samesite = 'lax'

The value to set in the SameSite attribute of the cookie.

domain class-attribute instance-attribute

domain = None

Specifies which hosts can receive the cookie.

safe_methods class-attribute instance-attribute

safe_methods = {'GET', 'HEAD'}

A set of allowed safe methods that can set the cookie.