Configuration
Configuration Values

| Variable | Type | Default | Description |
|---|---|---|---|
| | | | Set to |
| | | | When using the CSRF protection extension, this controls whether every view is protected by default. |
| | | | Random data for generating secure tokens. If this is not set then |
| | | | HTTP methods to protect from CSRF. |
| | | | Name of the form field and session key that holds the CSRF token. |
| | | | HTTP headers to search for CSRF token when it is not provided in the form. |
| | | | Max age in seconds for CSRF tokens. If set to |
| | | | Determines whether to enforce the same origin policy by checking that the referrer matches the host. Only applies to HTTPS requests. |
| | | | Set to |

Logging
CSRF errors are logged at the INFO level to the quart_wtf.csrf logger.
You still need to configure logging in your application in order to see these messages.
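
One way to make these messages visible, shown as an added example that is not Quart-WTF's own code: it lowers the `quart_wtf.csrf` logger to INFO and attaches a handler, since the root logger's default WARNING threshold would otherwise drop them. `ListHandler`, `enable_csrf_logging`, `demo` and the sample message are hypothetical names and data constructed for illustration.

```python
import logging

CSRF_LOGGER_NAME = "quart_wtf.csrf"  # logger name stated in the Logging section


class ListHandler(logging.Handler):
    """Collects formatted records in memory (stand-in for a file or SIEM handler)."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def enable_csrf_logging(handler, fmt="%(asctime)s %(name)s %(levelname)s %(message)s"):
    """Attach `handler` to the CSRF logger and lower its threshold to INFO.

    The root logger defaults to WARNING, so INFO records from quart_wtf.csrf
    are dropped unless this logger (or the root logger) is set to INFO or lower.
    """
    logger = logging.getLogger(CSRF_LOGGER_NAME)
    logger.setLevel(logging.INFO)
    handler.setLevel(logging.INFO)
    handler.setFormatter(logging.Formatter(fmt))
    logger.addHandler(handler)
    return logger


def demo():
    """Emit one constructed record and return what the handler captured."""
    logger = logging.getLogger(CSRF_LOGGER_NAME)
    sample = "The CSRF token is missing."  # constructed sample message
    before = logger.isEnabledFor(logging.INFO)  # False under the default root level
    sink = ListHandler()
    enable_csrf_logging(sink)
    logger.info(sample)
    after = logger.isEnabledFor(logging.INFO)
    # Restore the logger so the demo leaves no global state behind.
    logger.removeHandler(sink)
    logger.setLevel(logging.NOTSET)
    return before, after, sink.lines


if __name__ == "__main__":
    print(demo())
```

In an application, call `enable_csrf_logging` once at startup with a `logging.StreamHandler` or `logging.FileHandler` so rejected requests leave a record that can be reviewed or alerted on.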