Security related decorators
Decorator for authenticating a form
This decorator uses an authorization token stored in the client’s session for prevention of certain Cross-site request forgery (CSRF) attacks (See http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information).
For use with the webhelpers.html.secure_form helper functions.
Decorator to redirect to the SSL version of a page if not currently using HTTPS. Apply this decorator to controller methods (actions).
Takes a url argument: either a string url, or a callable returning a string url. The callable will be called with no arguments when the decorated method is called. The url’s scheme will be rewritten to https if necessary.
Non-HTTPS POST requests are aborted (405 response code) by this decorator.
Example:
# redirect to HTTPS /pylons
@https('/pylons')
def index(self):
do_secure()
# redirect to HTTPS /auth/login, delaying the url() call until
# later (as the url object may not be functional when the
# decorator/method are defined)
@https(lambda: url(controller='auth', action='login'))
def login(self):
do_secure()
# redirect to HTTPS version of myself
@https()
def get(self):
do_secure()