pylons.decorators.secure – Secure Decorators
Security related decorators
Module Contents
pylons.decorators.secure.authenticate_form(func)
Decorator for authenticating a form
This decorator uses an authorization token stored in the client’s session to prevent certain cross-site request forgery (CSRF) attacks (see http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information).
For use with the webhelpers.html.secure_form helper functions.
pylons.decorators.secure.https(url_or_callable=None)
Decorator to redirect to the SSL version of a page if not currently using HTTPS. Apply this decorator to controller methods (actions).
Takes a url argument: either a string url, or a callable returning a string url. The callable will be called with no arguments when the decorated method is called. The url’s scheme will be rewritten to https if necessary.
Non-HTTPS POST requests are aborted (405 response code) by this decorator.
Example:
    # redirect to HTTPS /pylons
    @https('/pylons')
    def index(self):
        do_secure()

    # redirect to HTTPS /auth/login, delaying the url() call until
    # later (as the url object may not be functional when the
    # decorator/method are defined)
    @https(lambda: url(controller='auth', action='login'))
    def login(self):
        do_secure()

    # redirect to HTTPS version of myself
    @https()
    def get(self):
        do_secure()
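The following framework-free sketch models the behaviour documented for https above. It is an added example, not Pylons' own implementation. The names https_sketch, HTTPOutcome, force_https_url and outcome, the dict-shaped request, the example.com URLs and the 302 redirect status are all assumptions made for illustration.

```python
from functools import wraps
from urllib.parse import urlsplit, urlunsplit

class HTTPOutcome(Exception):
    """Hypothetical stand-in for a framework redirect (302 assumed) or abort."""
    def __init__(self, status, location=None):
        super().__init__(status, location)
        self.status, self.location = status, location

def force_https_url(url, host):
    """Rewrite the scheme to https; a bare path is resolved against host."""
    p = urlsplit(url)
    return urlunsplit(("https", p.netloc or host, p.path or "/", p.query, p.fragment))

def https_sketch(url_or_callable=None):
    def decorator(action):
        @wraps(action)
        def wrapper(request, *args, **kwargs):
            if request["scheme"] == "https":
                return action(request, *args, **kwargs)
            # Per the page: a non-HTTPS POST is aborted with 405, not redirected.
            if request["method"].upper() == "POST":
                raise HTTPOutcome(405)
            # A callable is invoked with no arguments at request time, not at definition.
            target = url_or_callable() if callable(url_or_callable) else url_or_callable
            # No argument given: redirect to the HTTPS version of the current page.
            target = target or request["path"]
            raise HTTPOutcome(302, force_https_url(target, request["host"]))
        return wrapper
    return decorator

@https_sketch("/pylons")
def index(request):
    return "secure index"

@https_sketch(lambda: "http://example.com/auth/login")  # constructed URL
def login(request):
    return "secure login"

@https_sketch()
def get(request):
    return "secure get"

def outcome(action, request):
    """Run an action and report the (status, body-or-location) a client would see."""
    try:
        return (200, action(request))
    except HTTPOutcome as e:
        return (e.status, e.location)
```

Calling outcome(get, {...}) with a constructed request dict (keys scheme, method, host, path) shows which of the three paths a request takes: served, redirected, or refused.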