diff options
| author | 2018-04-03 22:38:01 +0100 | |
|---|---|---|
| committer | 2018-04-03 22:38:01 +0100 | |
| commit | ca3ddfeccf79f3b8a4933802661a116063154302 (patch) | |
| tree | fef274a46ca03ce2e347b91f155fc8ee1bf9fa14 | |
| parent | Basic wiki routes (diff) | |
Explicitly exclude the API subdomain from CSRF checks
TODO: Do this properly!
| -rw-r--r-- | pysite/route_manager.py | 6 | 
1 files changed, 3 insertions, 3 deletions
| diff --git a/pysite/route_manager.py b/pysite/route_manager.py index 18efbf73..03587fb0 100644 --- a/pysite/route_manager.py +++ b/pysite/route_manager.py @@ -69,12 +69,12 @@ class RouteManager:                  self.log.debug(f"Loading Blueprint: {sub_blueprint.name}")                  self.load_views(sub_blueprint, f"pysite/views/{sub}")                  self.app.register_blueprint(sub_blueprint) + +                if sub == "api": +                    CSRF.exempt(sub_blueprint)  # TODO: Gotta make this work properly, this is just a kludge for now              except Exception:                  logging.getLogger(__name__).exception(f"Failed to register blueprint for subdomain: {sub}") -            # if sub == "api": -            #     CSRF.exempt(sub_blueprint) -          # Load the websockets          self.ws_blueprint = Blueprint("ws", __name__) | 
