Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setting WTF_CSRF_TIME_LIMIT to "None" is confusing #538

Open
malthe opened this issue Dec 20, 2022 · 0 comments
Open

Setting WTF_CSRF_TIME_LIMIT to "None" is confusing #538

malthe opened this issue Dec 20, 2022 · 0 comments
Labels

Comments

@malthe
Copy link

malthe commented Dec 20, 2022

In #258, it is made "clear" that WTF_CSRF_TIME_LIMIT can be set to None. But this isn't entirely clear because what is None in the context of an environment variable?

Is it the absence of a value (presumably not, because then we get the default of 3600 seconds) - ?

Is it an empty string? I think a better value for the behavior of "limited by user session" would be 0. This works better with configuration by environment variable.

@azmeuk azmeuk added the csrf label Jul 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

2 participants