Enable CSRF by blueprint (exclude API views)
This commit is contained in:
parent
74ae8ce559
commit
7096056f37
|
|
@ -23,7 +23,6 @@ from ereuse_devicehub.templating import Environment
|
|||
|
||||
|
||||
from flask_login import LoginManager
|
||||
from flask_wtf.csrf import CSRFProtect
|
||||
from ereuse_devicehub.resources.user.models import User
|
||||
|
||||
|
||||
|
|
@ -69,9 +68,6 @@ class Devicehub(Teal):
|
|||
self.configure_extensions()
|
||||
|
||||
def configure_extensions(self):
|
||||
# configure & enable CSRF of Flask-WTF
|
||||
CSRFProtect(self)
|
||||
|
||||
# configure Flask-Login
|
||||
login_manager = LoginManager()
|
||||
login_manager.init_app(self)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,22 @@
|
|||
from ereuse_devicehub.devicehub import Devicehub
|
||||
|
||||
"""
|
||||
Example app with minimal configuration.
|
||||
|
||||
Use this as a starting point.
|
||||
"""
|
||||
from flask_wtf.csrf import CSRFProtect
|
||||
|
||||
app = Devicehub(inventory='db1')
|
||||
from ereuse_devicehub.config import DevicehubConfig
|
||||
from ereuse_devicehub.devicehub import Devicehub
|
||||
from ereuse_devicehub.inventory.views import devices
|
||||
from ereuse_devicehub.views import core
|
||||
|
||||
app = Devicehub(inventory=DevicehubConfig.DB_SCHEMA)
|
||||
app.register_blueprint(core)
|
||||
app.register_blueprint(devices)
|
||||
|
||||
# configure & enable CSRF of Flask-WTF
|
||||
# NOTE: enable by blueprint to exclude API views
|
||||
# TODO(@slamora: enable by default & exclude API views when decouple of Teal is completed
|
||||
csrf = CSRFProtect(app)
|
||||
csrf.protect(core)
|
||||
csrf.protect(devices)
|
||||
|
|
|
|||
Reference in New Issue