handle csrf error

2024-10-22 17:05:49 +02:00 · 2020-03-17 02:18:18 +00:00 · 2020-03-17 02:18:18 +00:00 · 816833bac0
commit 816833bac0
parent 1e7477dd96
2 changed files with 10 additions and 2 deletions
--- a/app.py
+++ b/app.py
@ -14,7 +14,7 @@ from functools import wraps
 from flask import Flask, g, jsonify, render_template, request, abort, redirect, session, flash
 from flask_caching import Cache
 from flask_session import Session
-from flask_wtf.csrf import CSRFProtect, generate_csrf
+from flask_wtf.csrf import CSRFProtect, generate_csrf, CSRFError
 from ffmpy import FFmpeg
 from pymongo import MongoClient

@ -23,7 +23,6 @@ client = MongoClient(host=config.MONGO['host'])

 app.secret_key = config.SECRET_KEY
 app.config['SESSION_TYPE'] = 'redis'
-app.config['SESSION_COOKIE_HTTPONLY'] = False
 app.cache = Cache(app, config=config.REDIS)
 sess = Session()
 sess.init_app(app)
@ -86,6 +85,11 @@ def admin_required(level):
    return decorated_function


+@app.errorhandler(CSRFError)
+def handle_csrf_error(e):
+    return api_error('invalid_csrf')
+
+
@app.before_request
 def before_request_func():
    if session.get('session_id'):
--- a/public/src/js/strings.js
+++ b/public/src/js/strings.js
@ -1048,6 +1048,10 @@ var translations = {
 		verify_password_invalid: {
 			ja: null,
 			en: "Verification password does not match",
+		},
+		invalid_csrf: {
+			ja: null,
+			en: "Security token expired. Please refresh the page."
 		}
 	},
 	browserSupport: {