vbatts/microblog.pub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #81 from hiromi-mi/fix_csrf_authorize_follow

Browse source 
Add CSRF Protection in POST /authorize_follow
This commit is contained in:
Thomas Sileo 2020-06-04 08:08:16 +02:00 committed by GitHub
commit 8df0ddb03a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
blueprints/admin.py
View file

@ -639,6 +639,7 @@ def authorize_follow():
)
)
csrf.protect()
actor = get_actor_url(request.form.get("profile"))
if not actor:
abort(500)