Here is how I check POST requests for a valid CSRF token that our server generates.
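def check_token(self=None):
    """Reject a POST whose CSRF token does not match the one in the session.

    Meant to run as a CherryPy ``before_handler`` tool. The expected token is
    read from ``cherrypy.session['_csrf_token']`` and the submitted one from
    the ``csrf_token`` request parameter.

    Args:
        self: Unused; kept so the callable can also be bound as a method.

    Raises:
        cherrypy.HTTPError: 403 when the session holds no (or an empty) token,
            the request carries no usable ``csrf_token`` value, or the two
            values differ.
    """
    # Function-scope import so the snippet stays self-contained.
    import hmac

    # NOTE(review): only POST is checked. Handlers that change state on
    # PUT, PATCH or DELETE are not covered by this tool as written.
    if cherrypy.request.method != 'POST':
        return

    expected = cherrypy.session.get('_csrf_token')
    # request.params merges query-string and body parameters; the token
    # should be sent in the form body so it stays out of URLs and logs.
    submitted = cherrypy.request.params.get('csrf_token')

    # A missing or empty session token must never validate, otherwise an
    # empty submitted value would match it.
    if not expected or not submitted:
        raise cherrypy.HTTPError(403)

    try:
        # Constant-time comparison on bytes: `!=` on strings returns at the
        # first differing character, and compare_digest only accepts str
        # arguments that are pure ASCII.
        matches = hmac.compare_digest(
            expected.encode('utf-8'), submitted.encode('utf-8')
        )
    except (AttributeError, TypeError, UnicodeError):
        # e.g. a repeated parameter arrives as a list, or the value cannot
        # be encoded; treat anything that is not comparable as a mismatch.
        matches = False

    if not matches:
        raise cherrypy.HTTPError(403)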
# Expose the CSRF check as a CherryPy tool named "Functions" that runs at the
# 'before_handler' hook point. A tool only runs where it is switched on
# (config entry `tools.Functions.on` or the decorator form), so any handler
# without it gets no CSRF check.
cherrypy.tools.Functions = cherrypy.Tool(
    point='before_handler',
    callable=check_token,
)
Hope this helps!