From ff3a39ab03c2a4091aa56da039775dde4541d9f0 Mon Sep 17 00:00:00 2001
From: Gareth Coles
Date: Sun, 1 Apr 2018 23:16:55 +0100
Subject: Add CSRF protection and optimise imports
---
 pysite/route_manager.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'pysite/route_manager.py')
diff --git a/pysite/route_manager.py b/pysite/route_manager.py
index f8a7515e..ec0a84e3 100644
--- a/pysite/route_manager.py
+++ b/pysite/route_manager.py
@@ -10,8 +10,8 @@ from flask_sockets import Sockets
 from pysite.base_route import APIView, BaseView, ErrorView, RouteView
 from pysite.constants import (
- DISCORD_OAUTH_AUTHORIZED, DISCORD_OAUTH_ID, DISCORD_OAUTH_REDIRECT, DISCORD_OAUTH_SCOPE, DISCORD_OAUTH_SECRET,
- PREFERRED_URL_SCHEME)
+ CSRF, DISCORD_OAUTH_AUTHORIZED, DISCORD_OAUTH_ID, DISCORD_OAUTH_REDIRECT, DISCORD_OAUTH_SCOPE,
+ DISCORD_OAUTH_SECRET, PREFERRED_URL_SCHEME)
 from pysite.database import RethinkDB
 from pysite.oauth import OauthBackend
 from pysite.websockets import WS
@@ -34,6 +34,7 @@ class RouteManager:
 self.app.secret_key = os.environ.get("WEBPAGE_SECRET_KEY", "super_secret")
 self.app.config["SERVER_NAME"] = os.environ.get("SERVER_NAME", "pythondiscord.local:8080")
 self.app.config["PREFERRED_URL_SCHEME"] = PREFERRED_URL_SCHEME
+ self.app.config["WTF_CSRF_CHECK_DEFAULT "] = False # We only want to protect specific routes
 self.app.before_request(self.db.before_request)
 self.app.teardown_request(self.db.teardown_request)
@@ -80,6 +81,7 @@ class RouteManager:
 self.sockets.register_blueprint(self.ws_blueprint, url_prefix="/ws")
 self.app.before_request(self.https_fixing_hook) # Try to fix HTTPS issues
+ CSRF.init_app(self.app) # Set up CSRF protection
 def https_fixing_hook(self):
 """
--
cgit v1.2.3
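Review bot: The config key on the added line of the second hunk is written as `"WTF_CSRF_CHECK_DEFAULT "`, with a trailing space inside the quotes, so the extension (presumably Flask-WTF, going by the `WTF_` prefix) will never read it and keeps its default of checking every state-changing request. That errs on the safe side, but it contradicts the comment and will likely reject POSTs to routes that never send a token. The line should read `self.app.config["WTF_CSRF_CHECK_DEFAULT"] = False  # We only want to protect specific routes`. Once the key is corrected, protection becomes opt-in, so add a comment saying where the per-route `CSRF.protect()` calls live, because a state-changing route that omits one is then unprotected with no error. The enclosing method starts and ends outside the hunk.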
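Review bot: `CSRF.init_app(self.app)` in the third hunk makes token integrity depend on the application secret, and the context line in the second hunk shows `secret_key` falling back to the literal `"super_secret"` when `WEBPAGE_SECRET_KEY` is unset. If `CSRF` is a Flask-WTF `CSRFProtect` instance (it is imported from `pysite.constants`, which is not shown), tokens are signed with that key unless `WTF_CSRF_SECRET_KEY` is set, so a deployment missing the variable would sign tokens with a value published in the repository. Consider refusing to start instead, for example `if "WEBPAGE_SECRET_KEY" not in os.environ: raise RuntimeError("WEBPAGE_SECRET_KEY must be set")`, at least outside debug mode. The method this line is added to begins outside the hunk.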