I have a simple Outputfilter. The Filter replace all E-Mail Anchors in the Richtext with a Link to an Contact Form. In the Background i will save the E-Mail Addresses in a List/Dict in the Portal Registry.
If i call the View of a Page with an E-Mail Address in the HTML i get an CSRF Protection Error. That is normal, because i will write to portal_registry in a GET request.
registry = getUtility(IRegistry)
emails_for_masking = registry["outputfilters.emails_for_masking"]
emails_for_masking.update({"id1":"mymail@...."})
# this works:
alsoProvides(self.request, IDisableCSRFProtection)
# this don't work
safeWrite(self.context, self.request)
# or
safeWrite(registry, self.request)
registry["outputfilters.emails_for_masking"] = emails_for_masking
i would be only allow the particular write with safeWrite, but the doesn't work
The only solution is to disable the CSRF Protecxtion for the request via IDisableCSRFProtection But this is not what i want. What is the correct use of safeWrite(self.context, self.request) ? Any hints for the safeWrite way?