From ca3ddfeccf79f3b8a4933802661a116063154302 Mon Sep 17 00:00:00 2001
From: Gareth Coles
Date: Tue, 3 Apr 2018 22:38:01 +0100
Subject: Explicitly exclude the API subdomain from CSRF checks TODO: Do this properly!
---
 pysite/route_manager.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'pysite/route_manager.py')
diff --git a/pysite/route_manager.py b/pysite/route_manager.py
index 18efbf73..03587fb0 100644
--- a/pysite/route_manager.py
+++ b/pysite/route_manager.py
@@ -69,12 +69,12 @@ class RouteManager:
 self.log.debug(f"Loading Blueprint: {sub_blueprint.name}")
 self.load_views(sub_blueprint, f"pysite/views/{sub}")
 self.app.register_blueprint(sub_blueprint)
+
+ if sub == "api":
+ CSRF.exempt(sub_blueprint) # TODO: Gotta make this work properly, this is just a kludge for now
 except Exception:
 logging.getLogger(__name__).exception(f"Failed to register blueprint for subdomain: {sub}")
- # if sub == "api":
- # CSRF.exempt(sub_blueprint)
-
 # Load the websockets
 self.ws_blueprint = Blueprint("ws", __name__)
-- 
cgit v1.2.3
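Review bot: The `CSRF.exempt(sub_blueprint)` call added inside the `try` turns off CSRF validation for every view registered under the `api` subdomain, and nothing in the hunk shows what protects those views instead. That is only safe if each API route authenticates with a credential the browser does not attach automatically, such as a key sent in a request header; a route that also accepts the site's session cookie would become forgeable from another origin. The TODO should state that condition instead of only calling the line a kludge, for example `# CSRF-exempt: API views must authenticate via a header key, never the session cookie`. The enclosing method starts and ends outside the hunk, so how the API views authenticate cannot be confirmed from here.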