<p>Pyramid ships with its <a href="https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#checking-csrf-tokens-automatically" rel="nofollow noreferrer">own CSRF validation</a>, which is probably the better option.</p>
<p>With the CSRF token stored in the session, that leads to the following configuration:</p>
<pre><code>from pyramid.csrf import SessionCSRFStoragePolicy

def includeme(config):
    # ...
    # keep the per-session token in request.session
    config.set_csrf_storage_policy(SessionCSRFStoragePolicy())
    # reject unsafe-method requests that carry no valid token
    config.set_default_csrf_options(require_csrf=True)
</code></pre>
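<p>To make clear what the configuration above actually enforces, here is an added, framework-free illustration of the check (not Pyramid's code and not from the answer): a session-stored token that is generated once, handed to forms, and compared in constant time against the <code>csrf_token</code> form field or the <code>X-CSRF-Token</code> header on every non-safe request. The <code>FakeSession</code> dict and the request tuples are constructed for the example; the session key, field name, header name and safe-method list mirror Pyramid's documented defaults, but the class and function names here are the example's own.</p>

```python
import hmac
import secrets

# Pyramid's defaults for the pieces this example reproduces.
SESSION_KEY = "_csrft_"           # where the token lives in request.session
TOKEN_FIELD = "csrf_token"        # form field checked first
TOKEN_HEADER = "X-CSRF-Token"     # header checked when the field is absent
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # never require a token


class SessionTokenPolicy:
    """Illustrative stand-in for pyramid.csrf.SessionCSRFStoragePolicy.

    The session is any mutable mapping; Pyramid hands in request.session.
    Only the token storage and comparison are modelled here; Pyramid's real
    check additionally validates Origin/Referer on HTTPS requests.
    """

    def __init__(self, key=SESSION_KEY):
        self.key = key

    def new_csrf_token(self, session):
        # 160 bits of OS randomness, hex-encoded, as Pyramid does.
        token = secrets.token_hex(20)
        session[self.key] = token
        return token

    def get_csrf_token(self, session):
        # Lazily create the token so a fresh session gets exactly one.
        token = session.get(self.key)
        if token is None:
            token = self.new_csrf_token(session)
        return token

    def check_csrf_token(self, session, supplied):
        # Missing token fails closed; equal-length constant-time compare
        # avoids leaking where the mismatch is.
        if not supplied:
            return False
        expected = self.get_csrf_token(session)
        return hmac.compare_digest(expected, str(supplied))


def supplied_token(form, headers):
    """Pick the token the client sent: form field first, then header."""
    return form.get(TOKEN_FIELD) or headers.get(TOKEN_HEADER)


def request_allowed(policy, session, method, form, headers):
    """What require_csrf=True amounts to: safe methods pass, everything
    else must present the session's token. Returns True/False instead of
    raising BadCSRFToken as Pyramid would."""
    if method.upper() in SAFE_METHODS:
        return True
    return policy.check_csrf_token(session, supplied_token(form, headers))


def demo():
    """Constructed walk-through returning the outcomes of several requests."""
    policy = SessionTokenPolicy()
    session = {}                                  # constructed fake session
    token = policy.get_csrf_token(session)        # rendered into the form

    return {
        "get_without_token": request_allowed(policy, session, "GET", {}, {}),
        "post_with_form_token": request_allowed(
            policy, session, "POST", {TOKEN_FIELD: token}, {}),
        "post_with_header_token": request_allowed(
            policy, session, "POST", {}, {TOKEN_HEADER: token}),
        "post_without_token": request_allowed(policy, session, "POST", {}, {}),
        "post_with_wrong_token": request_allowed(
            policy, session, "POST", {TOKEN_FIELD: "0" * 40}, {}),
        # Reusing a token from a different session must also fail.
        "post_with_foreign_token": request_allowed(
            policy, {}, "POST", {TOKEN_FIELD: token}, {}),
        "token_is_stable": policy.get_csrf_token(session) == token,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'rejected'}")
```

<p>Two things worth noting from the walk-through: the token must reach the server on the unsafe request itself, either as a hidden form field or, for XHR, in the header, and a token minted for one session is useless against another, which is why the session-backed policy is the right fit when you already keep server-side sessions.</p>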