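def _protect_xsrf_hook():
    """Before-request hook that rejects state-changing requests lacking a valid XSRF token.

    Requests whose path starts with ``/api/`` and requests using ``GET`` or
    ``HEAD`` are let through unchecked. Every other request must carry an
    ``xsrf_token`` form field equal to ``get_xsrf_token()``; otherwise the
    request is aborted with HTTP 400.

    NOTE(review): skipping ``/api/`` is only safe if those endpoints do not
    authenticate with ambient browser credentials (session cookies, HTTP
    auth) -- confirm against the API's auth scheme. Skipping GET/HEAD assumes
    no handler changes state on those methods.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    # No need to protect API calls.
    if bottle.request.path.startswith('/api/'):
        return
    if bottle.request.method in ('GET', 'HEAD'):
        return

    submitted = bottle.request.forms.get('xsrf_token', 'N/A')
    expected = get_xsrf_token()

    # compare_digest() needs two bytes objects (or two ASCII-only strings), so
    # normalise text to bytes first; a non-ASCII submitted value would
    # otherwise raise TypeError instead of being rejected.
    candidates = []
    for value in (submitted, expected):
        if isinstance(value, str):
            value = value.encode('utf-8')
        candidates.append(value)

    # Fail closed when either side is not a usable token (e.g. None), and
    # compare in constant time so response timing does not reveal how much of
    # a guessed token matched.
    tokens_usable = all(isinstance(value, bytes) for value in candidates)
    if not (tokens_usable and hmac.compare_digest(*candidates)):
        bottle.abort(400, 'XSRF token is incorrect or not set.')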