diff options
| author |  Gareth Coles <[email protected]> | 2018-04-05 09:08:47 +0100 |
|---|---|---|
| committer | Gareth Coles <[email protected]> | 2018-04-05 09:08:47 +0100 |
| commit | 8787ade4f3f3adefd33237bf8ddfcfec4ca424eb (patch) | |
| tree | 872b764eb7227fd8466981824881298b9056e268 /pysite | |
| parent | Fun fact: docutils is NOT stdlib (diff) | |
Attempt to fix CSRF; add debug info to staff page
Diffstat (limited to 'pysite')
| -rw-r--r-- | pysite/route_manager.py | 2 | ||||
| -rw-r--r-- | pysite/views/staff/index.py | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/pysite/route_manager.py b/pysite/route_manager.py index df7cbc36..b36ccadd 100644 --- a/pysite/route_manager.py +++ b/pysite/route_manager.py @@ -34,7 +34,7 @@ class RouteManager: self.app.secret_key = os.environ.get("WEBPAGE_SECRET_KEY", "super_secret") self.app.config["SERVER_NAME"] = os.environ.get("SERVER_NAME", "pythondiscord.local:8080") self.app.config["PREFERRED_URL_SCHEME"] = PREFERRED_URL_SCHEME - self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes + self.app.config["WTF_CSRF_CHECK_DEFAULT"] = False # We only want to protect specific routes self.app.before_request(self.db.before_request) self.app.teardown_request(self.db.teardown_request) diff --git a/pysite/views/staff/index.py b/pysite/views/staff/index.py index e5c3c1b0..7569ba32 100644 --- a/pysite/views/staff/index.py +++ b/pysite/views/staff/index.py @@ -1,4 +1,8 @@ # coding=utf-8 +from pprint import pformat + +from flask import current_app + from pysite.base_route import RouteView from pysite.constants import ALL_STAFF_ROLES from pysite.decorators import require_roles @@ -10,4 +14,4 @@ class StaffView(RouteView): @require_roles(*ALL_STAFF_ROLES) def get(self): - return self.render("staff/staff.html") + return self.render("staff/staff.html", app_config=pformat(current_app.config, indent=4, width=120)) |