archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Update flask_wtf to 0.14.2 and make CSRFProtect available to current_app

Browse Source 
By default CSRF protection is disabled for all views, since most
web endpoints and all API endpoints do not need it.
On the views that require it, we use the 
current_app.csrf.protect() method.
This commit is contained in:
Francesco Siddi
2018-03-28 22:05:54 +02:00
parent fc9c518c2a
commit e69f991aa6
6 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pillar/__init__.py
View File

@@ -73,6 +73,7 @@ class PillarServer(BlinkerCompatibleEve):
def __init__(self, app_root, **kwargs):
from .extension import PillarExtension
from celery import Celery
from flask_wtf.csrf import CSRFProtect
kwargs.setdefault('validator', custom_field_validation.ValidateCustomFields)
super(PillarServer, self).__init__(settings=empty_settings, **kwargs)
@@ -141,6 +142,10 @@ class PillarServer(BlinkerCompatibleEve):
self.before_first_request(self.setup_db_indices)
# Make CSRF protection available to the application. By default it is
# disabled on all endpoints. More info at WTF_CSRF_CHECK_DEFAULT in config.py
self.csrf = CSRFProtect(self)
def _validate_config(self):
if not self.config.get('SECRET_KEY'):
raise ConfigurationMissingError('SECRET_KEY configuration key is missing')