CSRF protection (#335)

2025-12-20 19:43:08 +00:00
parent 053b8a8138
commit 0bae4c9477
10 changed files with 634 additions and 1 deletions
--- a/examples/csrf/evil.py
+++ b/examples/csrf/evil.py
@@ -0,0 +1,25 @@
+from microdot import Microdot
+
+app = Microdot()
+
+
+@app.route('/', methods=['GET', 'POST'])
+def index(request):
+    page = '''<!doctype html>
+<html>
+  <head>
+    <title>CSRF Example</title>
+  </head>
+  <body>
+    <h1>Evil Site</h1>
+    <form method="POST" action="http://localhost:5000">
+      <input type="hidden" name="amount" value="100" />
+      <input type="submit" value="Win $100!" />
+    </form>
+  </body>
+</html>'''
+    return page, {'Content-Type': 'text/html'}
+
+
+if __name__ == '__main__':
+    app.run(port=5001, debug=True)