Merge pull request #66 from trein/master

Enable CSRF protection
master
Steven Loria 9 years ago
commit 093e4588d7
  1. 3
      {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py
  2. 2
      {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
  3. 2
      {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/templates/nav.html

@ -4,7 +4,7 @@ from flask import Flask, render_template
from {{cookiecutter.app_name}} import public, user
from {{cookiecutter.app_name}}.assets import assets
from {{cookiecutter.app_name}}.extensions import bcrypt, cache, db, debug_toolbar, login_manager, migrate
from {{cookiecutter.app_name}}.extensions import bcrypt, cache, db, debug_toolbar, csrf_protect, login_manager, migrate
from {{cookiecutter.app_name}}.settings import ProdConfig
@ -27,6 +27,7 @@ def register_extensions(app):
bcrypt.init_app(app)
cache.init_app(app)
db.init_app(app)
csrf_protect.init_app(app)
login_manager.init_app(app)
debug_toolbar.init_app(app)
migrate.init_app(app, db)
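Review bot: `csrf_protect.init_app(app)` in `register_extensions` switches on token validation for every state-changing request in the application (the methods listed in `WTF_CSRF_METHODS`), and nothing at the call site records that. A one-line comment there would help, for example `# Enforces CSRF token checks app-wide; opt a view out explicitly with @csrf_protect.exempt`. Views that accept non-form requests (JSON or AJAX) will have to send the token in a header or be exempted deliberately, and the test configuration may need adjusting; neither is visible in this diff. In the first hunk, `csrf_protect` is inserted after `debug_toolbar`, which breaks the alphabetical order of the import list. The body of `register_extensions` starts outside the hunk.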

@ -3,11 +3,13 @@
from flask_bcrypt import Bcrypt
from flask_cache import Cache
from flask_debugtoolbar import DebugToolbarExtension
from flask_wtf.csrf import CsrfProtect
from flask_login import LoginManager
from flask_migrate import Migrate
from flask_sqlalchemy import SQLAlchemy
bcrypt = Bcrypt()
csrf_protect = CsrfProtect()
login_manager = LoginManager()
db = SQLAlchemy()
migrate = Migrate()
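Review bot: The new import `from flask_wtf.csrf import CsrfProtect` depends on the Flask-WTF version the generated project installs; later Flask-WTF releases spell the class `CSRFProtect` and eventually drop the old name. The requirements file is not part of this diff, so it is worth confirming that the pin matches this spelling, or switching to `from flask_wtf.csrf import CSRFProtect` once the pin allows it. The import also sits between `flask_debugtoolbar` and `flask_login`, out of alphabetical order with its neighbours; it belongs after `flask_sqlalchemy`.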

@ -35,7 +35,7 @@
<li><a href="{{ url_for('public.register') }}">Create account</a></li>
</ul>
<form id="loginForm" method="POST" class="navbar-form form-inline navbar-right" action="/" role="login">
{{ form.hidden_tag() }}
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<div class="form-group">
{{ form.username(placeholder="Username", class_="form-control") }}
{{ form.password(placeholder="Password", class_="form-control") }}
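Review bot: Assuming the hand-written hidden `csrf_token` input is the added line and `{{ form.hidden_tag() }}` the removed one (the page has lost its +/- markers), the login form now renders only the CSRF token and no longer any other hidden field the form class defines. The hard-coded `name="csrf_token"` also has to stay in sync with `WTF_CSRF_FIELD_NAME` if that setting is ever changed. If `form` is a Flask-WTF form here, keeping `{{ form.hidden_tag() }}` would cover both cases. Otherwise a template comment such as `{# token comes from the app-wide CSRF extension; field name must match WTF_CSRF_FIELD_NAME #}` would record the dependency. The form element continues past the end of the hunk.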
