Home/ Questions/Q 6947249
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T13:40:12+00:00

Cross-site request forgery is common on web now a days. I am facing this

  • 0

Cross-site request forgery is common on web now a days. I am facing this in my own site deployed on Google App engine. I got to know this by examining access logs. Is there any XSRF/CSRF library or other solution available for App engine that I can use. And, how much load it will add to my site?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I use this code called from basehandler’s init request function

    def init_csrf(self):
    """Issue and handle CSRF token as necessary"""

    self.csrf_token = self.request.cookies.get('c')
    if not self.csrf_token:
        self.csrf_token = str(uuid4())[:8]
        self.set_cookie('c', self.csrf_token)
    if self.request.method == 'POST' and self.csrf_protect \
        and self.csrf_token != self.request.get('_csrf_token'):
        raise CsrfException('Missing or invalid CSRF token.')

    I took it from Facebook’s example canvas application includes code to handle crsf. I did not practically test it much but I include it in my project since I have a canvas application for Facebook that runs in FB as an iframe. It makes every request handler have an instance variable that you can set to false if it generates an exception for normal cases.

    I didn’t yet test it thoroughly but this is the material I have about CRSF tokens for Google App Engine in python. If you like to check out the details exacly how I’m learning how to use it these days you may clone my repository.

    • 0