Update flask_wtf to 0.14.2 and make CSRFProtect available to current_app

By default CSRF protection is disabled for all views, since most web endpoints and all API endpoints do not need it. On the views that require it, we use the current_app.csrf.protect() method.
2018-03-28 22:05:54 +02:00
parent fc9c518c2a
commit e69f991aa6
6 changed files with 24 additions and 6 deletions
--- a/setup.py
+++ b/setup.py
@@ -39,7 +39,7 @@ setuptools.setup(
        'Flask-Script>=2.0.5',
        'Flask-Login>=0.3.2',
        'Flask-OAuthlib>=0.9.3',
-        'Flask-WTF>=0.12',
+        'Flask-WTF>=0.14.2',
        'algoliasearch>=1.12.0',

        # Limit the major version to the major version of ElasticSearch we're using.