I'd like to implement a double submit cookie for micro-service CSRF. I'm not sure how to do this cleanly without expanding the arguments the configurable CALLABLE takes. As I'll need to add a claim based on response data (whether I parse the response or just access an attribute) I need to receive the response (and/or request) in the CALLABLE.
I'd like to propose we suggest users configure their callable with `def my_callable(..., **kwargs):` so in the future this can be expanded, and then pass in `(user=..., request=..., response=...)` instead of `(user)`.
Would you be interested in receiving a non-backwards compatible version of this patch? A backwards compatible version might be to have a different configurable callable like FULL_CALLABLE (ideally with a better name).
As with the other issue, I am OK with omitting user, and passing request and response instead. response could be a kwarg, while request would be required to give the callable access to request.user.
willstott101 changed the title from "Additional claims" to "Additional arguments to the claim callable" on Nov 9, 2021
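The callable shape discussed in this thread (`request` required, `response` optional, `**kwargs` for later expansion), applied to the double submit cookie use case. This is an added example, not code from this project or from either participant; `FakeResponse`, `csrf_claims`, `csrf_ok`, the cookie name and the claim name are all hypothetical, and storing a SHA-256 digest of the cookie value in the claim is a design choice made for this sketch.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

CSRF_COOKIE = "csrf_token"  # hypothetical cookie name
CSRF_CLAIM = "csrf"         # hypothetical claim name


class FakeResponse:
    """Constructed stand-in for a framework response object."""

    def __init__(self):
        self.cookies = SimpleCookie()

    def set_cookie(self, key, value, **attrs):
        self.cookies[key] = value
        for name, val in attrs.items():
            self.cookies[key][name] = val


def csrf_claims(request, response=None, **kwargs):
    """Claim callable: extra keyword arguments are accepted and ignored."""
    if response is None:
        return {}  # no response to bind to, so emit no CSRF claim
    if CSRF_COOKIE in response.cookies:
        # Reuse a token some earlier layer already placed on the response.
        token = response.cookies[CSRF_COOKIE].value
    else:
        token = secrets.token_urlsafe(32)
        # Not HttpOnly: client script must read it and echo it in a header.
        response.set_cookie(CSRF_COOKIE, token, secure=True, samesite="Strict")
    # Only a digest goes into the token, so the claim alone cannot be replayed
    # as the header value.
    return {CSRF_CLAIM: hashlib.sha256(token.encode()).hexdigest()}


def csrf_ok(claims, submitted):
    """Run by any service: compare the echoed header value with the claim."""
    expected = claims.get(CSRF_CLAIM)
    if not expected or not submitted:
        return False
    digest = hashlib.sha256(submitted.encode()).hexdigest()
    return hmac.compare_digest(digest, expected)
```

Each downstream service can call `csrf_ok` with the decoded claims and the header value it received, without sharing any session state with the service that issued the token.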