search

maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
http://readthedocs.org/docs/flask-seasurf/
Other
190 stars 49 forks source link

Remove usage of deprecated flask._app_ctx_stack #132

Closed c4rlo closed 2 years ago

c4rlo commented 2 years ago

This emits deprecation warnings as of Flask 2.2:

.../.venv/lib/python3.10/site-packages/flask_seasurf.py:28: DeprecationWarning: '_app_ctx_stack' is deprecated and will be removed in Flask 2.3.
  from flask import (_app_ctx_stack, current_app, g, has_request_context, request,

See:

https://flask.palletsprojects.com/en/2.2.0/changes/#version-2-2-0

As recommended, use flask.g instead (prefixing our variables with seasurf_ for namespacing purposes).

For more info, see https://flask.palletsprojects.com/en/2.1.x/extensiondev/#data-during-a-request

(The 2.2.x version of that section removes the final paragraph about _app_ctx_stack, presumably because it's now so deprecated that they don't want to mention it at all anymore in the docs.)

I noticed that we already use flask.g to store one item, named csrf_validation_checked. This is now inconsistent with the seasurf_ prefix I've used for the other items. I felt that using seasurf_ as a prefix is more important than maintaining this consistency. At the same time, I did not want to rename csrf_validation_checked, in case that would break any users.

alanhamlett commented 2 years ago

We can rename g.csrf_validation_checked and just bump the major version in the release containing that change.