def setUp(self):
    """Build a CSRF-enabled Flask app with a cookie-suppression callback.

    Routes registered: GET /foo/baz, GET /foo/quz and POST /manual.
    The /manual view is marked exempt and then calls ``csrf.validate()``
    from inside its own body.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Fixed, low-entropy key: fine for a throwaway fixture app, not a value
    # to carry into a deployed configuration.
    flask_app.secret_key = '1234'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app = flask_app
    self.csrf = seasurf

    # Hook SeaSurf into the application.
    self.csrf.init_app(flask_app)

    @self.csrf.disable_cookie
    def disable_cookie(response):
        # True only for the two listed paths; presumably this tells SeaSurf
        # not to set the CSRF cookie on those responses -- confirm.
        return request.path in ('/foo/baz', '/manual')

    @flask_app.route('/foo/baz', methods=['GET'])
    def foobaz():
        return 'bar'

    @flask_app.route('/foo/quz', methods=['GET'])
    def fooquz():
        return 'bar'

    @seasurf.exempt
    @flask_app.route('/manual', methods=['POST'])
    def manual():
        # Exempt from the automatic check, so validation runs only because
        # the view asks for it here.
        seasurf.validate()
        return 'bar'
def setUp(self):
    """Build a Flask app where the URL entry '/foo' is exempt from CSRF checks.

    Routes registered: POST /foo/baz, POST /foo/quz and POST /bar.
    The exempted entry is '/foo' while the routes live at /foo/baz and
    /foo/quz, so the fixture presumably relies on prefix matching --
    confirm against SeaSurf.exempt_urls.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Hard-coded key is acceptable only because this app exists for the
    # duration of a test.
    flask_app.secret_key = '1234'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app = flask_app
    self.csrf = seasurf

    # Hook SeaSurf into the application, then register the exemption.
    self.csrf.init_app(flask_app)
    # NOTE(review): if matching is by prefix, every route later added under
    # '/foo' loses CSRF validation as well -- keep such entries narrow.
    self.csrf.exempt_urls(('/foo', ))

    @flask_app.route('/foo/baz', methods=['POST'])
    def foobaz():
        return 'bar'

    @flask_app.route('/foo/quz', methods=['POST'])
    def fooquz():
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    def bar():
        return 'foo'
def setUp(self):
    """Build a Flask app with SEASURF_INCLUDE_OR_EXEMPT_VIEWS set to 'include'.

    ``foo`` (POST /foo, POST /foo/<term>) carries ``@csrf.include``;
    ``bar`` (POST /bar, POST /bar/<term>) carries no marker.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Hard-coded key is acceptable only because this app exists for the
    # duration of a test.
    flask_app.secret_key = '1234'
    # presumably in 'include' mode only views marked with @csrf.include are
    # validated, leaving unmarked views unprotected by default -- confirm.
    flask_app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'include'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app, self.csrf = flask_app, seasurf

    # Hook SeaSurf into the application.
    self.csrf.init_app(flask_app)

    @seasurf.include
    @flask_app.route('/foo', methods=['POST'])
    @flask_app.route('/foo/<term>', methods=['POST'])
    def foo(term=None):
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    @flask_app.route('/bar/<term>', methods=['POST'])
    def bar(term=None):
        return 'foo'
def setUp(self):
    """Build a Flask app where the URL entry '/foo' is exempt from CSRF checks.

    Routes registered: POST /foo/baz, POST /foo/quz and POST /bar.
    Only '/foo' is passed to ``exempt_urls``; the two /foo/... routes are
    presumably covered by prefix matching -- confirm against SeaSurf.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Test-only signing key; too short and too predictable for anything
    # outside a fixture.
    flask_app.secret_key = '1234'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app = flask_app
    self.csrf = seasurf

    # Hook SeaSurf into the application, then register the exemption.
    self.csrf.init_app(flask_app)
    # NOTE(review): if matching is by prefix, every route later added under
    # '/foo' loses CSRF validation as well -- keep such entries narrow.
    self.csrf.exempt_urls(('/foo',))

    @flask_app.route('/foo/baz', methods=['POST'])
    def foobaz():
        return 'bar'

    @flask_app.route('/foo/quz', methods=['POST'])
    def fooquz():
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    def bar():
        return 'foo'
def setUp(self):
    """Build a Flask app with SeaSurf bound at construction time.

    ``foo`` (POST /foo) is marked ``@csrf.exempt``; ``bar`` (POST /bar) is
    left unmarked. No ``secret_key`` is configured in this fixture.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    self.app = flask_app

    # Passing the app to the constructor attaches SeaSurf immediately, so
    # the flag below is written after initialisation has already run.
    seasurf = SeaSurf(flask_app)
    seasurf._csrf_disable = False
    self.csrf = seasurf

    @seasurf.exempt
    @flask_app.route('/foo', methods=['POST'])
    def foo():
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    def bar():
        return 'foo'
def setUp(self):
    """Build a Flask app with SEASURF_INCLUDE_OR_EXEMPT_VIEWS set to 'exempt'.

    ``foo`` (POST /foo) is marked ``@csrf.exempt``; ``bar`` (POST /bar) is
    left unmarked. No ``secret_key`` is configured in this fixture.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # presumably 'exempt' mode validates every view except those marked
    # with @csrf.exempt -- confirm against the SeaSurf documentation.
    flask_app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'exempt'
    self.app = flask_app

    # Passing the app to the constructor attaches SeaSurf immediately, so
    # the flag below is written after initialisation has already run.
    seasurf = SeaSurf(flask_app)
    seasurf._csrf_disable = False
    self.csrf = seasurf

    @seasurf.exempt
    @flask_app.route('/foo', methods=['POST'])
    def foo():
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    def bar():
        return 'foo'
def setUp(self):
    """Build a Flask app whose only view validates the CSRF token by hand.

    POST /manual is marked ``@csrf.exempt`` and calls ``csrf.validate()``
    inside the view body.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Test-only signing key; too short and too predictable for anything
    # outside a fixture.
    flask_app.secret_key = '1234'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app = flask_app
    self.csrf = seasurf

    # Hook SeaSurf into the application.
    self.csrf.init_app(flask_app)

    @seasurf.exempt
    @flask_app.route('/manual', methods=['POST'])
    def manual():
        # Exempt from the automatic check, so validation runs only because
        # the view asks for it here.
        seasurf.validate()
        return 'bar'
def setUp(self):
    """Build a Flask app whose POST view asks SeaSurf for a new token.

    Routes registered: GET /foo and POST /bar. ``bar`` calls
    ``self.csrf.generate_new_token()`` before returning.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Hard-coded key is acceptable only because this app exists for the
    # duration of a test.
    flask_app.secret_key = '1234'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app = flask_app
    self.csrf = seasurf

    # Hook SeaSurf into the application.
    self.csrf.init_app(flask_app)

    @flask_app.route('/foo', methods=['GET'])
    def foo(term=None):
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    def bar(term=None):
        # Looked up through self at request time, not through the local.
        self.csrf.generate_new_token()
        return 'foo'
def setUp(self):
    """Build a Flask app that reports ``session.modified`` in a header.

    An ``after_request`` hook copies ``str(session.modified)`` into the
    ``X-Session-Modified`` response header. The hook is registered before
    SeaSurf is initialised. One route is registered: GET /foo.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Test-only signing key; too short and too predictable for anything
    # outside a fixture.
    flask_app.secret_key = '1234'
    self.app = flask_app

    @flask_app.after_request
    def after_request(response):
        from flask import session
        modified_flag = str(session.modified)
        response.headers['X-Session-Modified'] = modified_flag
        return response

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False
    self.csrf = seasurf

    # Hook SeaSurf into the application (after the header hook above).
    self.csrf.init_app(flask_app)

    @flask_app.route('/foo', methods=['GET'])
    def foo():
        return 'bar'
def setUp(self):
    """Build a Flask app with a view that renders ``csrf_token()``.

    Routes registered: GET /foo, POST /bar and GET /baz. ``baz`` renders
    the template string ``{{ csrf_token() }}``.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Hard-coded key is acceptable only because this app exists for the
    # duration of a test.
    flask_app.secret_key = '1234'

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app = flask_app
    self.csrf = seasurf
    self.csrf.init_app(flask_app)

    @flask_app.route('/foo', methods=['GET'])
    def foo():
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    def bar():
        return 'foo'

    @flask_app.route('/baz', methods=['GET'])
    def baz():
        # The template body is a fixed literal, not request data.
        token_template = '{{ csrf_token() }}'
        return render_template_string(token_template)
def setUp(self):
    """Build a Flask app with CSRF_CHECK_REFERER set to False.

    ``foo`` (POST /foo, POST /foo/<term>) is marked ``@csrf.exempt``;
    ``bar`` (POST /bar, POST /bar/<term>) is left unmarked.
    """
    flask_app = Flask(__name__)
    flask_app.debug = True
    # Test-only signing key; too short and too predictable for anything
    # outside a fixture.
    flask_app.secret_key = '1234'
    # presumably this switches off SeaSurf's Referer validation, so only
    # the token comparison remains for this fixture -- confirm.
    flask_app.config['CSRF_CHECK_REFERER'] = False

    seasurf = SeaSurf()
    # NOTE(review): assigned before init_app(); if init_app() derives this
    # flag from app.config, the value set here is replaced -- confirm.
    seasurf._csrf_disable = False

    self.app, self.csrf = flask_app, seasurf

    # Hook SeaSurf into the application.
    self.csrf.init_app(flask_app)

    @seasurf.exempt
    @flask_app.route('/foo', methods=['POST'])
    @flask_app.route('/foo/<term>', methods=['POST'])
    def foo(term=None):
        return 'bar'

    @flask_app.route('/bar', methods=['POST'])
    @flask_app.route('/bar/<term>', methods=['POST'])
    def bar(term=None):
        return 'foo'
Also add SeaSurf CSRF protection and exempt the Google and Facebook login
endpoints from validation.
"""
from flask import Flask
from flask_seasurf import SeaSurf
from .views.bookstore import bookstore
from .views.book import book
from .views.auth_login import auth_login
from .views.auth_logout import auth_logout
from .views.auth_google import auth_google
from .views.auth_facebook import auth_facebook

app = Flask(__name__)

# One blueprint per feature area; all are registered before SeaSurf is bound.
app.register_blueprint(bookstore)
app.register_blueprint(book)
app.register_blueprint(auth_login)
app.register_blueprint(auth_logout)
app.register_blueprint(auth_google)
app.register_blueprint(auth_facebook)

# Passing the app to the constructor attaches CSRF protection immediately.
csrf = SeaSurf(app)
# Forces checks on by writing an underscore-prefixed attribute.
# NOTE(review): a private attribute can change between library releases;
# setting the CSRF_DISABLE config key before SeaSurf(app) is the sturdier
# way to pin this -- confirm the installed version reads that key.
csrf._csrf_disable = False

# The two OAuth callback paths skip SeaSurf's token check.
# NOTE(review): with that check bypassed, the /gconnect and /fbconnect
# handlers need their own anti-forgery check (for example a per-session
# state value compared inside the view); that code is not visible here --
# confirm in the auth_google and auth_facebook views.
# NOTE(review): presumably entries are matched as path prefixes, so any
# route whose path starts with one of these strings is exempt too -- confirm.
csrf.exempt_urls((
    '/gconnect',
    '/fbconnect',
))