# HG changeset patch # User Steve Losh # Date 1273028597 14400 # Node ID 388fd65c29fc25cd3c78c3914caabf5a25f39804 # Parent ca20cf1cb90b723bbf76e69c12bba26bd39c2cd4 garter: Update documentation. diff -r ca20cf1cb90b -r 388fd65c29fc garter/csrf.html --- a/garter/csrf.html Tue May 04 22:59:21 2010 -0400 +++ b/garter/csrf.html Tue May 04 23:03:17 2010 -0400 @@ -66,20 +66,27 @@

CSRF Protection

-

The internet is a dangerous place. One common type of attack your site's users can fall victim to is Cross-site Request Forgery attacks.

-

Garter provides a simple way to guard against these attacks, based on this snippet from the Flask snippet site.

-

To activate CSRF protection for your Flask application you need to do two things. First, call Garter's csrf function with your Flask app as a parameter:

+

The internet is a dangerous place. One common type of attack your site's users +can fall victim to is Cross-site Request Forgery attacks.

+

Garter provides a simple way to guard against these attacks, based on this +snippet from the Flask snippet site.

+

To activate CSRF protection for your Flask application you need to do two +things. First, call Garter's csrf function with your Flask app as a +parameter:

from garter.csrf import csrf
 csrf(app)
 
-

Once you do that you'll need to add a CSRF token to every form on your site that makes an HTTP POST request:

+

Once you do that you'll need to add a CSRF token to every form on your site +that makes an HTTP POST request:

<input type="hidden" value="{{ csrf_token() }}">
 
-

If you have certain views that need to be excluded from this protection (perhaps they receive POST requests from a third-party site) you can use the csrf_exempt decorator to disable protection:

+

If you have certain views that need to be excluded from this protection +(perhaps they receive POST requests from a third-party site) you can use the +csrf_exempt decorator to disable protection:

from garter.csrf import csrf, csrf_exempt
 
 @csrf_exempt
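
Review bot: the form example kept as context in this hunk, `<input type="hidden" value="{{ csrf_token() }}">`, has no name attribute, and browsers do not submit unnamed form controls, so a reader who copies it as shown will post no token at all. Since the patch is already rewrapping the paragraph that introduces it, the example should carry the field name Garter's check reads and the sentence should state that name. The csrf_exempt paragraph could also say in one sentence that an exempted view needs its own way to authenticate the third-party sender, because it no longer gets the token check.
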
@@ -91,7 +98,9 @@
 
-

If for some reason you want to know when a CSRF attack happens, you can pass a function to the csrf call and it will be called whenever Garter detects an attack:

+

If for some reason you want to know when a CSRF attack happens, you can pass +a function to the csrf call and it will be called whenever Garter detects an +attack:

from garter.csrf import csrf
 
 attacks = 0
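
Review bot: the callback example that begins at `attacks = 0` keeps its count in a module-level variable, which is per-process and lost on restart, so with more than one worker it will not reflect what the site actually received. Suggest having the documented callback write a log entry instead, or saying at this point that the counter is illustrative only. The rewrapped lead-in also calls every rejected request an attack; a stale or missing token from a legitimate user with an expired session trips the same check, so "whenever Garter rejects a request" would be more accurate wording.
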
@@ -109,7 +118,8 @@
 
  • arguments - The arguments that would normally be passed (if any) to that view.
  • -

    You can use this function to do anything you like; counting attacks is just a simple example.

    +

    You can use this function to do anything you like; counting attacks is just a +simple example.

    diff -r ca20cf1cb90b -r 388fd65c29fc garter/index.html --- a/garter/index.html Tue May 04 22:59:21 2010 -0400 +++ b/garter/index.html Tue May 04 23:03:17 2010 -0400 @@ -60,7 +60,9 @@

    Garter

    - +

    Garter is a collection of small utilities that makes creating webapps with Flask easier.

    diff -r ca20cf1cb90b -r 388fd65c29fc garter/lesscss.html --- a/garter/lesscss.html Tue May 04 22:59:21 2010 -0400 +++ b/garter/lesscss.html Tue May 04 23:03:17 2010 -0400 @@ -70,22 +70,28 @@ can be a pain to run lessc --watch static/style.less every time you want to work on your styles. It gets even worse when you have more than one .less file.

    -

    Garter provides a function that will automatically re-render .less files into CSS before each request if they've changed.

    -

    You can activate it by calling the lesscss function with your Flask app as a parameter:

    +

    Garter provides a function that will automatically re-render .less files +into CSS before each request if they've changed.

    +

    You can activate it by calling the lesscss function with your Flask app as a +parameter:

    from garter.lesscss import lesscss
     lesscss(app)
     
    -

    This will watch your app's static media directory and automatically render .less files into .css files in the same (sub)directory.

    -

    When you deploy your app you might not want to accept the overhead of checking the modification time of your .less and .css files on each request. A simple way to avoid this is wrapping the lesscss call in an if statement:

    +

    This will watch your app's static media directory and automatically render +.less files into .css files in the same (sub)directory.

    +

    When you deploy your app you might not want to accept the overhead of checking +the modification time of your .less and .css files on each request. A +simple way to avoid this is wrapping the lesscss call in an if statement:

    if app.debug:
         from garter.lesscss import lesscss
         lesscss(app)
     
    -

    If you do this you'll be responsible for rendering the .less files into CSS when you deploy in non-debug mode to your production server.

    +

    If you do this you'll be responsible for rendering the .less files into +CSS when you deploy in non-debug mode to your production server.
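
Review bot: the paragraph beginning "When you deploy your app you might not want to accept the overhead" presents the `if app.debug:` guard only as a performance choice. The earlier paragraph in this hunk says the function renders .css files into the static media directory before each request, which means that leaving it enabled in production requires the web process to have write access to the files it serves. Worth adding a sentence that says so and presenting the guarded form as the recommended way to call lesscss.
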

    diff -r ca20cf1cb90b -r 388fd65c29fc garter/urls.html --- a/garter/urls.html Tue May 04 22:59:21 2010 -0400 +++ b/garter/urls.html Tue May 04 23:03:17 2010 -0400 @@ -66,15 +66,18 @@

    URL Convenience Functions

    -

    URLs are a pain. Garter tries to help by providing some useful functions to make working with URLs easier.

    +

    URLs are a pain. Garter tries to help by providing some useful functions to +make working with URLs easier.

    -

    The permalink decorator was taken from -this snippet on the Flask site. It's used to wrap functions so they only need to return the arguments to Flask's url_for function, instead of calling the function themselves.

    +

    The permalink decorator was taken from this snippet on the +Flask site. It's used to wrap functions so they only need to return the +arguments to Flask's url_for function, instead of calling the function +themselves.

    For example, say you have several classes that represents items on your site:

    from flask import url_for