From 8577dc7fd62164f55f31d4f13352e2464ae359df Mon Sep 17 00:00:00 2001
From: "Guilherme M. Trein"
Date: Fri, 4 Mar 2016 20:50:59 -0500
Subject: [PATCH] Enable CSRF protection
- CSRF is enabled by default for login form
- This commit resolves issue #34
---
 {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py | 3 ++-
 .../{{cookiecutter.app_name}}/extensions.py | 2 ++
 .../{{cookiecutter.app_name}}/templates/nav.html | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py
index 62c54ff..6ab624f 100644
--- a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py
+++ b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py
@@ -4,7 +4,7 @@ from flask import Flask, render_template
 from {{cookiecutter.app_name}} import public, user
 from {{cookiecutter.app_name}}.assets import assets
-from {{cookiecutter.app_name}}.extensions import bcrypt, cache, db, debug_toolbar, login_manager, migrate
+from {{cookiecutter.app_name}}.extensions import bcrypt, cache, db, debug_toolbar, csrf_protect, login_manager, migrate
 from {{cookiecutter.app_name}}.settings import ProdConfig
@@ -27,6 +27,7 @@ def register_extensions(app):
 bcrypt.init_app(app)
 cache.init_app(app)
 db.init_app(app)
+ csrf_protect.init_app(app)
 login_manager.init_app(app)
 debug_toolbar.init_app(app)
 migrate.init_app(app, db)
diff --git a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
index de72e89..0eec573 100644
--- a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
+++ b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
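Review bot: The `csrf_protect.init_app(app)` call added in `register_extensions` has no test behind it, so nothing fails if the check is later switched off by configuration. Once initialised, the extension demands a token on every state-changing request, not only on Flask-WTF forms, so a view posted to from a hand-written form or from JavaScript returns 400 until it sends one. A test that POSTs to the login endpoint without a token and expects a 400 would pin this; settings are not in this diff, so check that the test config does not set `WTF_CSRF_ENABLED = False` for that case. I would also put `# Enforces a CSRF token on every POST/PUT/PATCH/DELETE view; exemptions must be explicit.` above the call. The function body starts above the hunk.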
@@ -3,11 +3,13 @@
 from flask_bcrypt import Bcrypt
 from flask_cache import Cache
 from flask_debugtoolbar import DebugToolbarExtension
+from flask_wtf.csrf import CsrfProtect
 from flask_login import LoginManager
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
 bcrypt = Bcrypt()
+csrf_protect = CsrfProtect()
 login_manager = LoginManager()
 db = SQLAlchemy()
 migrate = Migrate()
diff --git a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/templates/nav.html b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/templates/nav.html
index 57ed624..faeec2d 100644
--- a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/templates/nav.html
+++ b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/templates/nav.html
@@ -35,7 +35,7 @@
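Review bot: `from flask_wtf.csrf import CsrfProtect` in extensions.py ties generated projects to the old spelling of this class; later Flask-WTF releases renamed it to `CSRFProtect` and eventually dropped the old name, at which point this import fails at startup. The requirements file is not part of this diff, so either pin Flask-WTF there to a release that still exports `CsrfProtect`, or switch to `from flask_wtf.csrf import CSRFProtect` and `csrf_protect = CSRFProtect()` when the pin is raised. The new import also sits between `flask_debugtoolbar` and `flask_login`, out of alphabetical order with the rest of the block.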
  • Create account