Adding Flask-SeaSurf module for CSRF protection.

2025-06-15 04:26:05 +00:00 · 2018-11-21 10:24:33 +07:00
parent ea53ae340f
commit 5f049debe5
25 changed files with 93 additions and 77 deletions
--- a/app/templates/admin_setting_pdns.html
+++ b/app/templates/admin_setting_pdns.html
@ -26,6 +26,7 @@
            <!-- /.box-header -->
            <!-- form start -->
            <form role="form" method="post" data-toggle="validator">
+                <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                <div class="box-body">
                    {% if not SETTING.get('pdns_api_url') or not SETTING.get('pdns_api_key') or not SETTING.get('pdns_version') %}
                        <div class="alert alert-danger alert-dismissible">
@ -82,4 +83,4 @@
    {% assets "js_validation" -%}
      <script type="text/javascript" src="{{ ASSET_URL }}"></script>
    {%- endassets %}
-{% endblock %}
+{% endblock %}