vbatts/microblog.pub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Improve expired session and CSRF error handling

Browse source
This commit is contained in:
Thomas Sileo 2022-09-16 18:14:50 +02:00
parent 949365d8ba
commit b99552384c
5 changed files with 32 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
app/admin.py
View file

@ -40,13 +40,22 @@ from app.utils import pagination
from app.utils.emoji import EMOJIS_BY_NAME
def user_session_or_redirect(
async def user_session_or_redirect(
request: Request,
session: str | None = Cookie(default=None),
) -> None:
if request.method == "POST":
form_data = await request.form()
if "redirect_url" in form_data:
redirect_url = form_data["redirect_url"]
else:
redirect_url = request.url_for("admin_stream")
else:
redirect_url = str(request.url)
_RedirectToLoginPage = HTTPException(
status_code=302,
headers={"Location": request.url_for("login") + f"?redirect={request.url}"},
headers={"Location": request.url_for("login") + f"?redirect={redirect_url}"},
)
if not session: