This is just what I did with the help from the amazing examples at ckanext-security and ckan-ex-qgov.
Hopefully this will help explain how to set this up for others.
This hasn’t been cleaned up (e.g. files could be in a directory, better naming, removing unused/commented code, etc.)
- 3 files to add to your extension
- Edits needed to your
streaming=False is set
Here’s a PR that has it implemented.
3 Files to add
Add these 3 files (orig_anti_csrf.py, anti_csrf.py, and anti_csrf3.py) to your extension (e.g.
- orig_anti_csrf.py - which was based on qgoc anti_csrf.py
- anti_csrf.py - which was based on security anti_csrf.py
- anti_csrf3.py - which was based on security middleware.py
Edits to your plugin.py
CKAN 2.8.3 has this set, but if you’re older than that, you’ll need to set
ckan/config/middleware/pylons_app.py (see PR #4657).