Darks
0d8dd70956
The decorator @check_csrf can be used to check CSRF protection when using GET links (like delete a post or logout)
19 lines
467 B
Python
19 lines
467 B
Python
from functools import wraps
|
|
from flask import request, abort
|
|
from flask_wtf import csrf
|
|
from wtforms.validators import ValidationError
|
|
from app import app
|
|
|
|
def check_csrf(func):
|
|
"""
|
|
Check csrf_token GET parameter
|
|
"""
|
|
@wraps(func)
|
|
def wrapped(*args, **kwargs):
|
|
try:
|
|
csrf.validate_csrf(request.args.get('csrf_token'))
|
|
except ValidationError:
|
|
abort(404)
|
|
return func(*args, **kwargs)
|
|
return wrapped
|