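async def pre_dispatch(request, controller, actionName):
    """Reject state-changing requests that do not carry a valid CSRF token.

    Declared ``async`` because the body awaits ``request.post()`` and
    ``get_secret(request)``; ``await`` inside a plain ``def`` is a
    SyntaxError.

    Args:
        request: Incoming request; ``method``, ``headers`` and ``post()``
            are read from it.
        controller: Object that owns the handler being dispatched.
        actionName: Attribute name of the handler on ``controller``.

    Raises:
        web.HTTPForbidden: No token was supplied, or the supplied token
            failed ``validate_token``.
        AttributeError: ``controller`` has no attribute ``actionName``.
    """
    # These methods are treated as safe and are never checked.
    if request.method in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
        return

    # A handler opts out by carrying a truthy ``csrf_disabled`` attribute.
    # Every opt-out is an unprotected state-changing endpoint, so keep the
    # set of handlers that use it small and reviewed.
    action = getattr(controller, actionName)
    if getattr(action, 'csrf_disabled', False):
        return

    # The header takes precedence; the form body is parsed only as a
    # fallback when the header is absent or empty.
    token = request.headers.get(CSRF_HEADER_NAME)
    if not token:
        data = await request.post()
        token = data.get(CSRF_FIELD_NAME)

    if not token:
        # NOTE(review): this reason constant is named after a missing
        # cookie, but the branch fires when neither the header nor the
        # form field carried a token - confirm the message shown to
        # clients matches.
        raise web.HTTPForbidden(reason=REASON_NO_CSRF_COOKIE)

    # The secret is fetched only once a token is present.
    # NOTE(review): validate_token is defined elsewhere - confirm it
    # compares in constant time (e.g. hmac.compare_digest).
    if not validate_token(token, await get_secret(request)):
        raise web.HTTPForbidden(reason=REASON_BAD_TOKEN)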