CSRF exemption for teamconfirm

master
Samuel Damashek 2016-05-15 21:20:48 -04:00
parent a82735d386
commit 6a0101ff00
1 changed files with 3 additions and 1 deletions

4
app.py

@ -341,9 +341,11 @@ def teardown_request(exc):
@app.before_request
def csrf_protect():
csrf_exempt = ['/teamconfirm/']
if request.method == "POST":
token = session.get('_csrf_token', None)
if not token or token != request.form["_csrf_token"]:
if not token or token != request.form["_csrf_token"] and not request.path in csrf_exempt:
return "Invalid CSRF token!"
def generate_csrf_token():
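Review bot: The new condition on the `if not token or ...` line does not exempt `/teamconfirm/` in the cases that matter. Because `and` binds tighter than `or`, a POST from a session with no `_csrf_token` is still rejected, and `request.form["_csrf_token"]` is evaluated before the path test, so an exempt POST that omits the field presumably fails on the missing key instead of passing. Test the exemption first, e.g. `if request.method == "POST" and request.path not in csrf_exempt:`, and read the field with `request.form.get("_csrf_token")` so that a missing field on a protected path counts as a mismatch. Since the exemption removes the only cross-site check visible here, the teamconfirm handler (not shown in this hunk) should authenticate the request some other way, for instance with an unguessable confirmation value, and that reason is worth a comment beside `csrf_exempt`. The match is also exact, so only the literal path `/teamconfirm/` is covered.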