CSRF

csrf prevents cross-site request forgery (CSRF) on your application

Import

from mocha import csrf

Automatically all POST, UPDATE methods will require a CSRF token, unless explicitly exempt.

To exempt and endpoint, jus add the decorator csrf.exempt

class Index(Mocha):

    def index(self):
        pass

    @csrf.exempt
    def exempted_post(self):
        pass

    @post()
    def save_data(self):
        pass

In the example above, when posting to /exempted-post/ it will not require the CSRF token, however /save-data/ requires it.

Config

    CSRF_COOKIE_NAME  # _csrf_token
    CSRF_HEADER_NAME  # X-CSRFToken
    CSRF_DISABLE
    CSRF_COOKIE_TIMEOUT
    CSRF_COOKIE_SECURE
    CSRF_COOKIE_HTTPONLY
    CSRF_COOKIE_DOMAIN
    CSRF_CHECK_REFERER
    SEASURF_INCLUDE_OR_EXEMPT_VIEWS

About

Extension: flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

CSRF vulnerabilities have been found in large and popular sites such as YouTube. These attacks are problematic because the mechanism they use is relatively easy to exploit. This extension attempts to aid you in securing your application from such attacks.