def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@self.csrf.disable_cookie
def disable_cookie(response):
if request.path == '/foo/baz':
return True
if request.path == '/manual':
return True
return False
@app.route('/foo/baz', methods=['GET'])
def foobaz():
return 'bar'
@app.route('/foo/quz', methods=['GET'])
def fooquz():
return 'bar'
@csrf.exempt
@app.route('/manual', methods=['POST'])
def manual():
csrf.validate()
return 'bar'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
self.csrf.exempt_urls(('/foo', ))
@app.route('/foo/baz', methods=['POST'])
def foobaz():
return 'bar'
@app.route('/foo/quz', methods=['POST'])
def fooquz():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'include'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@csrf.include
@app.route('/foo', methods=['POST'])
@app.route('/foo/<term>', methods=['POST'])
def foo(term=None):
return 'bar'
@app.route('/bar', methods=['POST'])
@app.route('/bar/<term>', methods=['POST'])
def bar(term=None):
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@self.csrf.disable_cookie
def disable_cookie(response):
if request.path == '/foo/baz':
return True
if request.path == '/manual':
return True
return False
@app.route('/foo/baz', methods=['GET'])
def foobaz():
return 'bar'
@app.route('/foo/quz', methods=['GET'])
def fooquz():
return 'bar'
@csrf.exempt
@app.route('/manual', methods=['POST'])
def manual():
csrf.validate()
return 'bar'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'include'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@csrf.include
@app.route('/foo', methods=['POST'])
@app.route('/foo/<term>', methods=['POST'])
def foo(term=None):
return 'bar'
@app.route('/bar', methods=['POST'])
@app.route('/bar/<term>', methods=['POST'])
def bar(term=None):
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
self.csrf.exempt_urls(('/foo',))
@app.route('/foo/baz', methods=['POST'])
def foobaz():
return 'bar'
@app.route('/foo/quz', methods=['POST'])
def fooquz():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
self.app = app
csrf = SeaSurf(app)
csrf._csrf_disable = False
self.csrf = csrf
@csrf.exempt
@app.route('/foo', methods=['POST'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
self.app = app
csrf = SeaSurf(app)
csrf._csrf_disable = False
self.csrf = csrf
@csrf.exempt
@app.route('/foo', methods=['POST'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'exempt'
self.app = app
csrf = SeaSurf(app)
csrf._csrf_disable = False
self.csrf = csrf
@csrf.exempt
@app.route('/foo', methods=['POST'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.config['SEASURF_INCLUDE_OR_EXEMPT_VIEWS'] = 'exempt'
self.app = app
csrf = SeaSurf(app)
csrf._csrf_disable = False
self.csrf = csrf
@csrf.exempt
@app.route('/foo', methods=['POST'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@csrf.exempt
@app.route('/manual', methods=['POST'])
def manual():
csrf.validate()
return 'bar'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@csrf.exempt
@app.route('/manual', methods=['POST'])
def manual():
csrf.validate()
return 'bar'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@app.route('/foo', methods=['GET'])
def foo(term=None):
return 'bar'
@app.route('/bar', methods=['POST'])
def bar(term=None):
self.csrf.generate_new_token()
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@app.route('/foo', methods=['GET'])
def foo(term=None):
return 'bar'
@app.route('/bar', methods=['POST'])
def bar(term=None):
self.csrf.generate_new_token()
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
@app.after_request
def after_request(response):
from flask import session
response.headers['X-Session-Modified'] = str(session.modified)
return response
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@app.route('/foo', methods=['GET'])
def foo():
return 'bar'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
@app.after_request
def after_request(response):
from flask import session
response.headers['X-Session-Modified'] = str(session.modified)
return response
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@app.route('/foo', methods=['GET'])
def foo():
return 'bar'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
self.csrf.init_app(app)
@app.route('/foo', methods=['GET'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
@app.route('/baz', methods=['GET'])
def baz():
return render_template_string('{{ csrf_token() }}')
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
self.csrf.init_app(app)
@app.route('/foo', methods=['GET'])
def foo():
return 'bar'
@app.route('/bar', methods=['POST'])
def bar():
return 'foo'
@app.route('/baz', methods=['GET'])
def baz():
return render_template_string('{{ csrf_token() }}')
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
app.config['CSRF_CHECK_REFERER'] = False
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@csrf.exempt
@app.route('/foo', methods=['POST'])
@app.route('/foo/<term>', methods=['POST'])
def foo(term=None):
return 'bar'
@app.route('/bar', methods=['POST'])
@app.route('/bar/<term>', methods=['POST'])
def bar(term=None):
return 'foo'
def setUp(self):
app = Flask(__name__)
app.debug = True
app.secret_key = '1234'
app.config['CSRF_CHECK_REFERER'] = False
self.app = app
csrf = SeaSurf()
csrf._csrf_disable = False
self.csrf = csrf
# Initialize CSRF protection.
self.csrf.init_app(app)
@csrf.exempt
@app.route('/foo', methods=['POST'])
@app.route('/foo/<term>', methods=['POST'])
def foo(term=None):
return 'bar'
@app.route('/bar', methods=['POST'])
@app.route('/bar/<term>', methods=['POST'])
def bar(term=None):
return 'foo'
Also add SeaSurf CSRF protection and
exempt from validation google and
facebook login.
"""
from flask import Flask
from flask_seasurf import SeaSurf
from .views.bookstore import bookstore
from .views.book import book
from .views.auth_login import auth_login
from .views.auth_logout import auth_logout
from .views.auth_google import auth_google
from .views.auth_facebook import auth_facebook
app = Flask(__name__)
app.register_blueprint(bookstore)
app.register_blueprint(book)
app.register_blueprint(auth_login)
app.register_blueprint(auth_logout)
app.register_blueprint(auth_google)
app.register_blueprint(auth_facebook)
csrf = SeaSurf(app)
csrf._csrf_disable = False
csrf.exempt_urls((
'/gconnect',
'/fbconnect',
))
