Describe a common mistake using csrftoken()

Simon Willison 2021-09-22 15:44:28 -07:00 committed by GitHub
commit 63886178a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -793,6 +793,10 @@ If your plugin implements a ``<form method="POST">`` anywhere you will need to i
<input type="hidden" name="csrftoken" value="{{ csrftoken() }}">
If you are rendering templates using the :ref:`datasette_render_template` method the ``csrftoken()`` helper will only work if you provide the ``request=`` argument to that method. If you forget to do this you will see the following error::
form-urlencoded POST field did not match cookie
You can selectively disable CSRF protection using the :ref:`plugin_hook_skip_csrf` hook.
.. _internals_internal:
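Review bot: The added paragraph ending "you will see the following error::" does not say when the error appears. Its text refers to the POST field and the cookie, so it will surface when the form is submitted rather than when the template is rendered, and a reader may not connect it to the missing ``request=`` argument. Consider stating that and showing the corrected call, for example ``await datasette.render_template("my_form.html", context, request=request)`` (template name and context are placeholders). Because the following sentence points at :ref:`plugin_hook_skip_csrf`, it would also help to say explicitly that the fix for this error is passing ``request=``, not disabling CSRF protection.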