– Secure Decorators

Security related decorators

Module Contents

Decorator for authenticating a form

This decorator uses an authorization token stored in the client’s session for prevention of certain Cross-site request forgery (CSRF) attacks (See for more information).

For use with the webhelpers.html.secure_form helper functions.

Decorator to redirect to the SSL version of a page if not currently using HTTPS. Apply this decorator to controller methods (actions).

Takes a url argument: either a string url, or a callable returning a string url. The callable will be called with no arguments when the decorated method is called. The url’s scheme will be rewritten to https if necessary.

Non-HTTPS POST requests are aborted (405 response code) by this decorator.


# redirect to HTTPS /pylons
def index(self):

# redirect to HTTPS /auth/login, delaying the url() call until
# later (as the url object may not be functional when the
# decorator/method are defined)
@https(lambda: url(controller='auth', action='login'))
def login(self):

# redirect to HTTPS version of myself
def get(self):