authorGravatar Gareth Coles <[email protected]>2018-04-04 10:39:09 +0100
committerGravatar Gareth Coles <[email protected]>2018-04-04 10:39:09 +0100
commit688c340f6e5bc4a8f278b85f6defe5e5f3686379 (patch)
treef665f1c5cb5c55aae42ec8442ff4648de3c0887b
parentForget about CSRF, will fix tomorrow (diff)
Attempting CSRF fixes
-rw-r--r--pysite/route_manager.py10
1 files changed, 4 insertions, 6 deletions
diff --git a/pysite/route_manager.py b/pysite/route_manager.py
index ee86c531..df7cbc36 100644
--- a/pysite/route_manager.py
+++ b/pysite/route_manager.py
@@ -34,9 +34,13 @@ class RouteManager:
self.app.secret_key = os.environ.get("WEBPAGE_SECRET_KEY", "super_secret")
self.app.config["SERVER_NAME"] = os.environ.get("SERVER_NAME", "pythondiscord.local:8080")
self.app.config["PREFERRED_URL_SCHEME"] = PREFERRED_URL_SCHEME
+ self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes
+
self.app.before_request(self.db.before_request)
self.app.teardown_request(self.db.teardown_request)
+ CSRF.init_app(self.app) # Set up CSRF protection
+
# Load the oauth blueprint
self.oauth_backend = OauthBackend(self)
self.oauth_blueprint = make_discord_blueprint(
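Review bot: The config key on the first added line carries a trailing space inside the string literal, `"WTF_CSRF_CHECK_DEFAULT "`, so Flask-WTF never reads it and its real `WTF_CSRF_CHECK_DEFAULT` default stays in force once `CSRF.init_app(self.app)` runs two lines later — every non-exempt view is then checked, including the api blueprint whose `CSRF.exempt` call the second hunk removes, which is the opposite of what the inline comment describes. The removed line in the third hunk had the same typo, so moving it preserves the defect; the line should read `self.app.config["WTF_CSRF_CHECK_DEFAULT"] = False  # Opt-in: only routes explicitly marked for CSRF are checked`. Separately, the CSRF token is signed with the app secret (Flask-WTF falls back to SECRET_KEY unless WTF_CSRF_SECRET_KEY is set, as far as I recall), so the `"super_secret"` fallback on the first context line means the protection being enabled here is only as strong as that default wherever WEBPAGE_SECRET_KEY is unset — pre-existing, but worth failing fast on rather than defaulting. The enclosing method's def line and its end are outside the hunk.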
@@ -69,9 +73,6 @@ class RouteManager:
self.log.debug(f"Loading Blueprint: {sub_blueprint.name}")
self.load_views(sub_blueprint, f"pysite/views/{sub}")
self.app.register_blueprint(sub_blueprint)
-
- if sub == "api":
- CSRF.exempt(sub_blueprint) # TODO: Gotta make this work properly, this is just a kludge for now
except Exception:
logging.getLogger(__name__).exception(f"Failed to register blueprint for subdomain: {sub}")
@@ -84,9 +85,6 @@ class RouteManager:
self.app.before_request(self.https_fixing_hook) # Try to fix HTTPS issues
- # CSRF.init_app(self.app) # Set up CSRF protection
- self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes
-
def https_fixing_hook(self):
"""
Attempt to fix HTTPS issues by modifying the request context stack