Enable CSRF by blueprint (exclude API views)

This commit is contained in:
Santiago L 2022-01-17 12:55:42 +01:00
parent 74ae8ce559
commit 7096056f37
2 changed files with 16 additions and 7 deletions

View file

@ -23,7 +23,6 @@ from ereuse_devicehub.templating import Environment
from flask_login import LoginManager from flask_login import LoginManager
from flask_wtf.csrf import CSRFProtect
from ereuse_devicehub.resources.user.models import User from ereuse_devicehub.resources.user.models import User
@ -69,9 +68,6 @@ class Devicehub(Teal):
self.configure_extensions() self.configure_extensions()
def configure_extensions(self): def configure_extensions(self):
# configure & enable CSRF of Flask-WTF
CSRFProtect(self)
# configure Flask-Login # configure Flask-Login
login_manager = LoginManager() login_manager = LoginManager()
login_manager.init_app(self) login_manager.init_app(self)

View file

@ -1,9 +1,22 @@
from ereuse_devicehub.devicehub import Devicehub
""" """
Example app with minimal configuration. Example app with minimal configuration.
Use this as a starting point. Use this as a starting point.
""" """
from flask_wtf.csrf import CSRFProtect
app = Devicehub(inventory='db1') from ereuse_devicehub.config import DevicehubConfig
from ereuse_devicehub.devicehub import Devicehub
from ereuse_devicehub.inventory.views import devices
from ereuse_devicehub.views import core
app = Devicehub(inventory=DevicehubConfig.DB_SCHEMA)
app.register_blueprint(core)
app.register_blueprint(devices)
# configure & enable CSRF of Flask-WTF
# NOTE: enable by blueprint to exclude API views
# TODO(@slamora: enable by default & exclude API views when decouple of Teal is completed
csrf = CSRFProtect(app)
csrf.protect(core)
csrf.protect(devices)