authorGravatar Gareth Coles <[email protected]>2018-04-05 09:08:47 +0100
committerGravatar Gareth Coles <[email protected]>2018-04-05 09:08:47 +0100
commit8787ade4f3f3adefd33237bf8ddfcfec4ca424eb (patch)
tree872b764eb7227fd8466981824881298b9056e268
parentFun fact: docutils is NOT stdlib (diff)
Attempt to fix CSRF; add debug info to staff page
-rw-r--r--pysite/route_manager.py2
-rw-r--r--pysite/views/staff/index.py6
-rw-r--r--templates/staff/staff.html5
3 files changed, 10 insertions, 3 deletions
diff --git a/pysite/route_manager.py b/pysite/route_manager.py
index df7cbc36..b36ccadd 100644
--- a/pysite/route_manager.py
+++ b/pysite/route_manager.py
@@ -34,7 +34,7 @@ class RouteManager:
self.app.secret_key = os.environ.get("WEBPAGE_SECRET_KEY", "super_secret")
self.app.config["SERVER_NAME"] = os.environ.get("SERVER_NAME", "pythondiscord.local:8080")
self.app.config["PREFERRED_URL_SCHEME"] = PREFERRED_URL_SCHEME
- self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes
+ self.app.config["WTF_CSRF_CHECK_DEFAULT"] = False # We only want to protect specific routes
self.app.before_request(self.db.before_request)
self.app.teardown_request(self.db.teardown_request)
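Review bot: With the key now spelled correctly, `WTF_CSRF_CHECK_DEFAULT = False` actually takes effect, so no view is CSRF-checked unless it opts in; the trailing comment should say how a route opts in, e.g. `# CSRF is opt-in: every state-changing view must call the extension's protect() itself`. The `secret_key` context line at the top of the hunk still falls back to the literal `"super_secret"` when `WEBPAGE_SECRET_KEY` is unset, and Flask-WTF signs CSRF tokens with the app secret key by default, so a deployment missing that variable would run with a publicly known signing key. Refusing to start without the variable outside local development would close that gap. The enclosing method starts and ends outside the hunk.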
diff --git a/pysite/views/staff/index.py b/pysite/views/staff/index.py
index e5c3c1b0..7569ba32 100644
--- a/pysite/views/staff/index.py
+++ b/pysite/views/staff/index.py
@@ -1,4 +1,8 @@
# coding=utf-8
+from pprint import pformat
+
+from flask import current_app
+
from pysite.base_route import RouteView
from pysite.constants import ALL_STAFF_ROLES
from pysite.decorators import require_roles
@@ -10,4 +14,4 @@ class StaffView(RouteView):
@require_roles(*ALL_STAFF_ROLES)
def get(self):
- return self.render("staff/staff.html")
+ return self.render("staff/staff.html", app_config=pformat(current_app.config, indent=4, width=120))
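Review bot: `current_app.config` contains `SECRET_KEY` (assigned through `app.secret_key` in pysite/route_manager.py) and may hold other credentials, and this line renders the whole mapping to every holder of a role in `ALL_STAFF_ROLES`. Whoever can read the signing key can produce valid session cookies and CSRF tokens, so sensitive entries should be dropped or masked before formatting, for example `pformat({k: v for k, v in current_app.config.items() if k not in REDACTED_KEYS}, indent=4, width=120)`, where `REDACTED_KEYS` is a placeholder for a set this project would define. Alternatively, the dump could be rendered only when `current_app.debug` is true, so that it never appears in production.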
diff --git a/templates/staff/staff.html b/templates/staff/staff.html
index 5bb9d951..157bdf21 100644
--- a/templates/staff/staff.html
+++ b/templates/staff/staff.html
@@ -5,7 +5,10 @@
{% block content %}
<div class="uk-container uk-section">
<h1 class="uk-title uk-text-center">
- This will be for staff only. Login required.
+ App config
</h1>
+ <pre>
+{{ app_config | safe }}
+ </pre>
</div>
{% endblock %} \ No newline at end of file
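Review bot: `{{ app_config | safe }}` switches off Jinja autoescaping for a string built from configuration values, some of which come from environment variables (`SERVER_NAME`, per pysite/route_manager.py), so any `<` or `&` in a value is emitted as live markup. The `<pre>` element already preserves the pformat layout, so the filter is not needed and the line can be `{{ app_config }}`. The heading "App config" also no longer tells the reader that the page is restricted to staff; a template comment saying so would help the next maintainer.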