diff options
| -rw-r--r-- | pysite/route_manager.py | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/pysite/route_manager.py b/pysite/route_manager.py index ee86c531..df7cbc36 100644 --- a/pysite/route_manager.py +++ b/pysite/route_manager.py @@ -34,9 +34,13 @@ class RouteManager: self.app.secret_key = os.environ.get("WEBPAGE_SECRET_KEY", "super_secret") self.app.config["SERVER_NAME"] = os.environ.get("SERVER_NAME", "pythondiscord.local:8080") self.app.config["PREFERRED_URL_SCHEME"] = PREFERRED_URL_SCHEME + self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes + self.app.before_request(self.db.before_request) self.app.teardown_request(self.db.teardown_request) + CSRF.init_app(self.app) # Set up CSRF protection + # Load the oauth blueprint self.oauth_backend = OauthBackend(self) self.oauth_blueprint = make_discord_blueprint( @@ -69,9 +73,6 @@ class RouteManager: self.log.debug(f"Loading Blueprint: {sub_blueprint.name}") self.load_views(sub_blueprint, f"pysite/views/{sub}") self.app.register_blueprint(sub_blueprint) - - if sub == "api": - CSRF.exempt(sub_blueprint) # TODO: Gotta make this work properly, this is just a kludge for now except Exception: logging.getLogger(__name__).exception(f"Failed to register blueprint for subdomain: {sub}") @@ -84,9 +85,6 @@ class RouteManager: self.app.before_request(self.https_fixing_hook) # Try to fix HTTPS issues - # CSRF.init_app(self.app) # Set up CSRF protection - self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes - def https_fixing_hook(self): """ Attempt to fix HTTPS issues by modifying the request context stack |