Fix and unify CSRF support across web and API endpoints.
This commit is contained in:
jakedt
parent
0097daebc2
commit
f060fd6ae0
5 changed files with 53 additions and 28 deletions
|
|
@ -18,6 +18,7 @@ from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermissi
|
|||
from auth import scopes
|
||||
from auth.auth_context import get_authenticated_user, get_validated_oauth_token
|
||||
from auth.auth import process_oauth
|
||||
from endpoints.csrf import csrf_protect
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -25,6 +26,7 @@ api_bp = Blueprint('api', __name__)
|
|||
api = Api()
|
||||
api.init_app(api_bp)
|
||||
api.decorators = [process_oauth,
|
||||
csrf_protect,
|
||||
crossdomain(origin='*', headers=['Authorization', 'Content-Type'])]
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue