diff options
| author |  Gareth Coles <[email protected]> | 2018-04-03 22:38:01 +0100 |
|---|---|---|
| committer | Gareth Coles <[email protected]> | 2018-04-03 22:38:01 +0100 |
| commit | ca3ddfeccf79f3b8a4933802661a116063154302 (patch) | |
| tree | fef274a46ca03ce2e347b91f155fc8ee1bf9fa14 /pysite | |
| parent | Basic wiki routes (diff) | |
Explicitly exclude the API subdomain from CSRF checks
TODO: Do this properly!
Diffstat (limited to 'pysite')
| -rw-r--r-- | pysite/route_manager.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pysite/route_manager.py b/pysite/route_manager.py index 18efbf73..03587fb0 100644 --- a/pysite/route_manager.py +++ b/pysite/route_manager.py @@ -69,12 +69,12 @@ class RouteManager: self.log.debug(f"Loading Blueprint: {sub_blueprint.name}") self.load_views(sub_blueprint, f"pysite/views/{sub}") self.app.register_blueprint(sub_blueprint) + + if sub == "api": + CSRF.exempt(sub_blueprint) # TODO: Gotta make this work properly, this is just a kludge for now except Exception: logging.getLogger(__name__).exception(f"Failed to register blueprint for subdomain: {sub}") - # if sub == "api": - # CSRF.exempt(sub_blueprint) - # Load the websockets self.ws_blueprint = Blueprint("ws", __name__) |