vbatts/microblog.pub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Check CSRF Token at POST /authorize_follow

Browse source
This commit is contained in:
hiromi-mi 2020-06-04 14:43:52 +09:00
parent 4c5d798ed4
commit a34905dfda
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
blueprints/admin.py
View file

@ -639,6 +639,7 @@ def authorize_follow():
)
)
csrf.protect()
actor = get_actor_url(request.form.get("profile"))
if not actor:
abort(500)