Additional arguments to the claim callable #36
Comments
|
Honestly, I would be more interested in including CSRF protection directly. Changing the callable signature to be more flexible is also desirable. |
|
As with the other issue, I am OK with omitting user, and passing |
willstott101
changed the title
|
Could do... https://github.com/smartfile/django-session-jwt/blob/master/django_session_jwt/middleware/session.py#L181 currently the user object isn't set back onto request, and it'd never be None I guess if we're assuming |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'd like to implement a double submit cookie for micro-service CSRF. I'm not sure how to do this cleanly without expanding the arguments the configurable
CALLABLEtakes. As I'll need to add a claim based on response data (whether I parse the response or just access an attribute) I need to receive the response (and/or request) in the CALLABLE.I'd like to propose we suggest users configure their callable with
def my_callable(..., **kwargs):so in the future this can be expanded, and then pass in(user=..., request=..., response=...)instead of(user).Would you be interested in receiving a non-backwards compatible version of this patch? A backwards compatible version might be to have a different configurable callable like
FULL_CALLABLE(ideally with a better name).The text was updated successfully, but these errors were encountered: