Adding Flask-SeaSurf module for CSRF protection.

2025-06-15 04:26:05 +00:00 · 2018-11-21 10:24:33 +07:00
parent ea53ae340f
commit 5f049debe5
25 changed files with 93 additions and 77 deletions
--- a/app/templates/admin_editaccount.html
+++ b/app/templates/admin_editaccount.html
@ -28,6 +28,7 @@
            <!-- /.box-header -->
            <!-- form start -->
            <form role="form" method="post" action="{% if create %}{{ url_for('admin_editaccount') }}{% else %}{{ url_for('admin_editaccount', account_name=account.name) }}{% endif %}">
+                <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                <input type="hidden" name="create" value="{{ create }}">
                <div class="box-body">
                    {% if error %}
@ -116,4 +117,4 @@
 <script>
        $("#account_multi_user").multiSelect();
 </script>
-{% endblock %}
+{% endblock %}