CSRF protection in WTForms is handled by subclasses of class SecureForm. You should implement a subclass of SecureForm that uses Pyramid's facilities to store tokens in user session and to obtain tokens as they come with a request for verification.
A good implementation to follow is the one for Flask, in flask.ext.wtf.Form class. This is a small class that should port to Pyramid without much effort.
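
A sketch of the approach described in the answer above, added here as an example and not taken from the answer, WTForms, Flask-WTF or Pyramid: a mixin implementing the two hooks SecureForm calls (`generate_csrf_token` and `validate_csrf_token`), backed by the Pyramid session's `get_csrf_token()`. The names `PyramidCSRFMixin`, `FakeSession`, `FakeRequest`, `FakeField` and `check_submission` are hypothetical; the fakes are constructed stand-ins so the block runs without either library, and it assumes the Pyramid request is passed as `csrf_context`.

```python
import hmac
import secrets


class PyramidCSRFMixin:
    """The two hooks SecureForm calls. Real use (WTForms versions shipping wtforms.ext.csrf):
    class PyramidSecureForm(PyramidCSRFMixin, SecureForm): ...
    form = PyramidSecureForm(request.POST, csrf_context=request)
    """

    def generate_csrf_token(self, csrf_context):
        # Assumption: csrf_context is the Pyramid request. Pyramid keeps one
        # token per session and creates it on first use.
        return csrf_context.session.get_csrf_token()

    def validate_csrf_token(self, field):
        expected = (field.current_token or "").encode()
        submitted = (field.data or "").encode()
        # Constant-time compare; an empty expected token never validates.
        if not expected or not hmac.compare_digest(submitted, expected):
            # wtforms.validators.ValidationError subclasses ValueError.
            raise ValueError("Invalid CSRF token")


# --- constructed stand-ins so the block runs without Pyramid or WTForms ---
class FakeSession(dict):
    def get_csrf_token(self):
        return self.setdefault("csrf", secrets.token_hex(20))


class FakeRequest:
    def __init__(self, session):
        self.session = session


class FakeField:
    current_token = None
    data = None


def check_submission(request, submitted):
    """Drive the hooks in the order SecureForm does; True if the token is accepted."""
    form, field = PyramidCSRFMixin(), FakeField()
    field.current_token = form.generate_csrf_token(request)
    field.data = submitted
    try:
        form.validate_csrf_token(field)
    except ValueError:
        return False
    return True
```
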