Closed barrucadu closed 3 years ago
The admin actions are particularly bad for this, as they all work with GET requests.
Here's a snippet about CSRF and Flask: http://flask.pocoo.org/snippets/3/
Probably better would be a decorator that checks the params, as that would then work with GET and POST requests.
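One way to write the decorator suggested above, as an added example that is not code from this issue or from the project: the token lives in the Flask session and is compared against a `_csrf_token` request parameter. The names `csrf_protected`, `csrf_token`, `_csrf_token` and both routes are assumptions made for illustration.

```python
import hmac
import secrets
from functools import wraps

from flask import Flask, abort, request, session

app = Flask(__name__)
app.secret_key = secrets.token_hex(32)  # constructed per-run key for the demo

def csrf_token():
    # Return the session's token, creating it on first use.
    if "_csrf_token" not in session:
        session["_csrf_token"] = secrets.token_urlsafe(32)
    return session["_csrf_token"]

def csrf_protected(view):
    # Reject the request unless its _csrf_token parameter matches the session.
    @wraps(view)
    def wrapper(*args, **kwargs):
        expected = session.get("_csrf_token")
        # request.values merges the query string and the form body,
        # so the same check covers GET and POST.
        supplied = request.values.get("_csrf_token", "")
        if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
            abort(403)
        return view(*args, **kwargs)
    return wrapper

@app.route("/token")
def token():
    # A real template would embed the token in each admin link or form instead.
    return csrf_token()

@app.route("/admin/delete/<int:item_id>", methods=["GET", "POST"])
@csrf_protected
def admin_delete(item_id):  # hypothetical admin action
    return f"deleted {item_id}"

def demo_statuses():
    # Call the action with and without a valid token; return the status codes.
    client = app.test_client()  # keeps the session cookie between requests
    tok = client.get("/token").get_data(as_text=True)
    return {
        "get_no_token": client.get("/admin/delete/1").status_code,
        "get_bad_token": client.get("/admin/delete/1?_csrf_token=wrong").status_code,
        "get_ok": client.get("/admin/delete/1", query_string={"_csrf_token": tok}).status_code,
        "post_ok": client.post("/admin/delete/1", data={"_csrf_token": tok}).status_code,
    }
```

A token carried in a GET query string ends up in server logs, browser history and `Referer` headers, so moving state-changing actions to POST remains the stronger fix.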