Security related decorators
Decorator for authenticating a form
This decorator uses an authorization token stored in the client’s session for prevention of certain Cross-site request forgery (CSRF) attacks (See http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information).
For use with the webhelpers.html.secure_form helper functions.
Decorator to redirect to the SSL version of a page if not currently using HTTPS. Takes as arguments the parameters to pass to redirect_to. (Specify no arguments necessary to redirect the current page). Apply this decorator to controller methods (actions).
Non-https POST requests are aborted (405 response code) by this decorator.
Example:
@https('/pylons') # redirect to HTTPS /pylons
def index(self):
#...
# redirect to HTTPS /auth/login
@https(controller='auth', action='login')
def login(self):
#...
@https() # redirect to HTTPS version of myself
def get(self):
#...