From 5904070bb2bfe7f00a9ae165c589d2d0a7232c55 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 22 Feb 2021 18:42:15 +0100
Subject: [PATCH] flows: add ensure_csrf_cookie() to flow shell view

---
 authentik/flows/urls.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/authentik/flows/urls.py b/authentik/flows/urls.py
index ad440097a..2c94ff3f4 100644
--- a/authentik/flows/urls.py
+++ b/authentik/flows/urls.py
@@ -1,12 +1,12 @@
 """flow urls"""
 from django.urls import path
+from django.views.decorators.csrf import ensure_csrf_cookie
 
 from authentik.flows.models import FlowDesignation
 from authentik.flows.views import (
     CancelView,
     ConfigureFlowInitView,
     FlowExecutorShellView,
-    FlowExecutorView,
     ToDefaultFlow,
 )
 
@@ -42,8 +42,9 @@ urlpatterns = [
         ConfigureFlowInitView.as_view(),
         name="configure",
     ),
-    path("b/<slug:flow_slug>/", FlowExecutorView.as_view(), name="flow-executor"),
     path(
-        "<slug:flow_slug>/", FlowExecutorShellView.as_view(), name="flow-executor-shell"
+        "<slug:flow_slug>/",
+        ensure_csrf_cookie(FlowExecutorShellView.as_view()),
+        name="flow-executor-shell",
     ),
 ]