Steve Losh avatar Steve Losh committed ea6e850

csrf: initial commit

Comments (0)

Files changed (1)

+from flask import abort, request, session
+
+def csrf(app):
+    @app.before_request
+    def csrf_protect():
+        if request.method == "POST":
+            csrf_token = session.pop('_csrf_token', None)
+            if not csrf_token or csrf_token != request.form.get('_csrf_token'):
+                abort(400)
+    
+    def generate_csrf_token():
+        if '_csrf_token' not in session:
+            session['_csrf_token'] = some_random_string()
+        return session['_csrf_token']
+    
+    app.jinja_env.globals['csrf_token'] = generate_csrf_token
+
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.