mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-08 14:40:27 +00:00
ae2ad6527a
The CSRF token is currently inserted directly in the template and not in the browser via JavaScript from the cookie, so making it inaccessible is not a problem. The Sesson-cookie is already httponly by default [0]. [0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY |
||
---|---|---|
.. | ||
lib | ||
models | ||
routes | ||
services | ||
static | ||
templates | ||
__init__.py | ||
assets.py | ||
decorators.py | ||
default_config.py | ||
swagger-spec.yaml |