feat: add CSRF protection to all POST forms

Installs Flask-WTF and enables CSRFProtect globally. Adds csrf_token
hidden fields to all four POST forms (login, delete entry, add user,
delete user, and the public guestbook form). Exempts the API endpoint
which uses header-based key auth instead.
2026-03-28 23:17:26 -06:00
parent 9ad7128619
commit ecdcc044b7
6 changed files with 9 additions and 0 deletions
@@ -1,4 +1,5 @@
Flask>=3.1.3
Flask-WTF>=1.2
Werkzeug>=3.0.6
Flask-Limiter>=3.0
Flask-Login>=0.6
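Review bot: The added `Flask-WTF>=1.2` line sets only a lower bound, so a fresh install can resolve to any later release of the package that, per the commit message, now enforces CSRFProtect globally. Consider capping it, for example `Flask-WTF>=1.2,<2`, or pinning exact versions in a constraints or lock file so the CSRF behaviour that was tested is the one that gets deployed. The neighbouring requirements use the same open-ended style, so the cap could be applied to the whole file in a follow-up.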