Skip to content

fix: implement CSRF token handling and use requests.Session for that

Laurent Peuch requested to merge topic/default/header-csrf into branch/default

Closes cubicweb#412 (closed)

You need to uses this CW MR cubicweb!341 (merged) and, at least on my computer, it fixes the test suit.

I'm really not sure about the whole "NO-CSRF-CHECK": "1", that we did and I just ended up basically implementing csrf management and, surprise, it works as expected ^^'

But that requires to hold a requests.Session object and the csrf token.

Edited by Elouan Martinet

Merge request reports