{"id": "plugin_hooks:plugin-hook-skip-csrf", "page": "plugin_hooks", "ref": "plugin-hook-skip-csrf", "title": "skip_csrf(datasette, scope)", "content": "datasette  -  Datasette class \n                     \n                         You can use this to access plugin configuration options via  datasette.plugin_config(your_plugin_name) , or to execute SQL queries. \n                     \n                 \n                 \n                     scope  - dictionary \n                     \n                         The  ASGI scope  for the incoming HTTP request. \n                     \n                 \n             \n             This hook can be used to skip  CSRF protection  for a specific incoming request. For example, you might have a custom path at  /submit-comment  which is designed to accept comments from anywhere, whether or not the incoming request originated on the site and has an accompanying CSRF token. \n             This example will disable CSRF protection for that specific URL path: \n             from datasette import hookimpl\n\n\n@hookimpl\ndef skip_csrf(scope):\n    return scope[\"path\"] == \"/submit-comment\" \n             If any of the currently active  skip_csrf()  plugin hooks return  True , CSRF protection will be skipped for the request.", "breadcrumbs": "[\"Plugin hooks\"]", "references": "[{\"href\": \"https://asgi.readthedocs.io/en/latest/specs/www.html#http-connection-scope\", \"label\": \"ASGI scope\"}]"}