apifrom.utils.csrf

Classes

class apifrom.utils.csrf.CSRFProtection(secret_key, cookie_name='csrf_token', header_name='X-CSRF-Token', form_field_name='csrf_token', exempt_methods=None, exempt_routes=None, token_expiry=3600)
Class that provides CSRF protection middleware and utilities.

Initialize the CSRF protection middleware.

Parameters:
  • secret_key (str): The secret key used to sign CSRF tokens. Keep it secret and high-entropy: anyone who knows it can mint tokens that pass verification.

  • cookie_name (str): The name of the cookie the CSRF token is stored in.

  • header_name (str): The name of the request header the CSRF token is read from.

  • form_field_name (str): The name of the form field the CSRF token is read from.

  • exempt_methods (Optional[Set[str]]): HTTP methods that are exempt from CSRF protection. Exempt only methods that have no side effects; every state-changing method should stay protected.

  • exempt_routes (Optional[List[str]]): Routes that are exempt from CSRF protection.

  • token_expiry (int): How long CSRF tokens are valid for, in seconds (default 3600, one hour).

Functions

apifrom.utils.csrf.generate_csrf_token(session_id=None)

Generate a CSRF token for the given session ID. Tokens are bound to the session they were generated for; pass the same session_id to verify_csrf_token when checking them.

Parameters:
  • session_id (Optional[str]): The session ID to generate the token for.

Returns:
  The generated CSRF token.

Return type:
  str

apifrom.utils.csrf.verify_csrf_token(token, session_id=None)

Verify that the given CSRF token is valid for the session.

Parameters:
  • token (str): The CSRF token to verify.

  • session_id (Optional[str]): The session ID to verify the token against. Must be the same session_id the token was generated with.

Returns:
  True if the token is valid, False otherwise. Treat False as a rejected request; do not fall back to an unchecked code path.

Return type:
  bool
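As an added worked example (not apifrom's own source; this page does not describe its token format), here is a self-contained Python implementation of the pattern that generate_csrf_token, verify_csrf_token and CSRFProtection expose: an HMAC-signed, session-bound, expiring token, checked on each request by a double-submit comparison of the cookie value against the header or form field, with exempt methods and routes. The explicit secret_key argument on the two functions, the `nonce.issued_at.mac` token layout, the `issue_token` and `check_request` helpers, the safe-method default for exempt_methods, the minimum key length and exact-path route matching are all assumptions of this example.

```python
# Added example, not apifrom's code: HMAC-signed, session-bound, expiring CSRF
# tokens plus a double-submit request check shaped like CSRFProtection's
# constructor. Token layout, helper names and defaults are assumptions.
import hashlib
import hmac
import secrets
import time
from typing import List, Mapping, Optional, Set, Tuple

# Assumed default: only side-effect-free methods skip the check, so every
# state-changing request (POST/PUT/PATCH/DELETE) is verified.
SAFE_METHODS: Set[str] = {"GET", "HEAD", "OPTIONS", "TRACE"}


def _mac(secret_key: bytes, nonce: str, issued_at: int, session_id: Optional[str]) -> str:
    # The session ID goes into the MAC input but never into the token itself, so
    # a token cannot be replayed under another session and does not leak the
    # session identifier into form bodies or logs.
    msg = f"{nonce}.{issued_at}.{session_id or ''}".encode()
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()


def generate_csrf_token(secret_key: bytes, session_id: Optional[str] = None,
                        now: Optional[int] = None) -> str:
    """Return '<nonce>.<issued_at>.<mac>' bound to secret_key and session_id."""
    issued_at = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)  # 128-bit random nonce per token
    return f"{nonce}.{issued_at}.{_mac(secret_key, nonce, issued_at, session_id)}"


def verify_csrf_token(secret_key: bytes, token: str, session_id: Optional[str] = None,
                      token_expiry: int = 3600, now: Optional[int] = None) -> bool:
    """True only if the MAC matches under this secret and session and the token is fresh."""
    try:
        nonce, issued_str, mac = token.split(".")
        issued_at = int(issued_str)
    except (ValueError, AttributeError):
        return False  # malformed input is a failed check, never an exception
    expected = _mac(secret_key, nonce, issued_at, session_id)
    if not hmac.compare_digest(mac.encode(), expected.encode()):  # constant time
        return False
    current = int(time.time()) if now is None else now
    return 0 <= current - issued_at <= token_expiry  # reject future-dated and stale


class CSRFProtection:
    """Request-level check mirroring the documented constructor arguments."""

    def __init__(self, secret_key: str, cookie_name: str = "csrf_token",
                 header_name: str = "X-CSRF-Token", form_field_name: str = "csrf_token",
                 exempt_methods: Optional[Set[str]] = None,
                 exempt_routes: Optional[List[str]] = None, token_expiry: int = 3600):
        if len(secret_key) < 32:  # assumed policy: refuse weak signing keys
            raise ValueError("secret_key must be at least 32 characters of random data")
        self.secret_key = secret_key.encode()
        self.cookie_name = cookie_name
        self.header_name = header_name.lower()  # header names are case-insensitive
        self.form_field_name = form_field_name
        self.exempt_methods = {m.upper() for m in (exempt_methods or SAFE_METHODS)}
        self.exempt_routes = set(exempt_routes or [])
        self.token_expiry = token_expiry

    def issue_token(self, session_id: Optional[str] = None) -> str:
        """Token to set in the cookie and embed in the page for this session."""
        return generate_csrf_token(self.secret_key, session_id)

    def check_request(self, method: str, path: str, cookies: Mapping[str, str],
                      headers: Mapping[str, str], form: Mapping[str, str],
                      session_id: Optional[str] = None) -> Tuple[bool, str]:
        """Return (allowed, reason) for one request."""
        if method.upper() in self.exempt_methods:
            return True, "exempt method"
        if path in self.exempt_routes:  # exact-path match (assumption)
            return True, "exempt route"
        cookie_token = cookies.get(self.cookie_name)
        # fetch/XHR clients send the header, plain HTML forms send the field.
        lowered = {k.lower(): v for k, v in headers.items()}
        submitted = lowered.get(self.header_name) or form.get(self.form_field_name)
        if not cookie_token or not submitted:
            return False, "missing token"
        # Double submit: a cross-site page can make the browser send the cookie
        # but cannot read it, so it cannot also place it in the header or form.
        if not hmac.compare_digest(cookie_token.encode(), submitted.encode()):
            return False, "cookie/submitted token mismatch"
        # Signature check: a forged cookie pair (e.g. planted from a sibling
        # subdomain) still fails without the server secret and this session.
        if not verify_csrf_token(self.secret_key, submitted, session_id, self.token_expiry):
            return False, "invalid or expired token"
        return True, "ok"


if __name__ == "__main__":
    csrf = CSRFProtection(secrets.token_hex(32), exempt_routes=["/webhook"])
    tok = csrf.issue_token("sess-1")  # set as cookie and render into the form/page
    print(csrf.check_request("POST", "/transfer", {"csrf_token": tok},
                             {"X-CSRF-Token": tok}, {}, "sess-1"))  # (True, 'ok')
```

The two checks in check_request are deliberately separate: the cookie-versus-submitted comparison is what stops a classic cross-site form post, and the HMAC plus expiry check is what stops an attacker who can plant cookies (or who captured an old token) from passing the first comparison with a value of their own choosing. Both comparisons use hmac.compare_digest so that the verifier does not leak the correct value through timing.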