Open gehaxelt opened 8 years ago
PS: Closes #9 #8 #6
In my opinion, CSRF protection is not needed, and in your CTF it was inconvenient for my team. Normally in a CTF, you open the challenges page, click on some challenges to open them in new tabs, then open each tab, solve the challenge and submit the flag. With your CSRF protection, once you open the second tab, you could not submit the flag for the challenge in the first tab, because the CSRF token has been changed and is no longer valid.
Hi @yeuchimse
Thanks for the feedback! I've pushed a fix for this by providing a enable_csrf_protection
configuration option :)
Nice fix :D I though you would remove that protection, but giving an option to disable it seems better for all people :D
Hi all,
I'm still here, but a bit busy at the moment. I'll get back to these PRs later, and hopefully merge them. Thanks for your interest in the project.
Hi, I've implemented some featuers:
before_end
andafter_start
annotations which restrict some actions before/during/after the CTFThat are more or less the changes I made for our CTF.
All the best, gehaxelt