def init_app(self, app):
    """Attach CSRF protection to *app*.

    Registers ``generate_csrf`` as the ``csrf_token`` template helper,
    fills in default values for the ``WTF_CSRF_*`` settings, and, unless
    protection is switched off, installs a ``before_request`` hook that
    calls ``self.protect()`` for state-changing requests.

    Args:
        app: the application object to configure. Its ``config``,
            ``jinja_env``, ``view_functions``, ``context_processor`` and
            ``before_request`` attributes are used here.

    No hook is installed when ``WTF_CSRF_ENABLED`` or
    ``WTF_CSRF_CHECK_DEFAULT`` is falsy. In that case nothing in this
    method checks a request; presumably views are then expected to call
    ``protect()`` themselves -- confirm against the rest of the class.
    """
    self._app = app
    app.jinja_env.globals['csrf_token'] = generate_csrf

    # Defaults are applied with setdefault, so a value the application
    # already configured always wins.
    # NOTE(review): the default method list has no 'DELETE', so DELETE
    # requests skip the check below unless the application overrides
    # WTF_CSRF_METHODS. WTF_CSRF_HEADERS and WTF_CSRF_SSL_STRICT are
    # only given defaults here; they are consumed outside this method.
    defaults = (
        ('WTF_CSRF_HEADERS', ['X-CSRFToken', 'X-CSRF-Token']),
        ('WTF_CSRF_SSL_STRICT', True),
        ('WTF_CSRF_ENABLED', True),
        ('WTF_CSRF_CHECK_DEFAULT', True),
        ('WTF_CSRF_METHODS', ['POST', 'PUT', 'PATCH']),
    )
    for key, value in defaults:
        app.config.setdefault(key, value)

    # Make csrf_token available as a helper in every template.
    @app.context_processor
    def csrf_token():
        return {'csrf_token': generate_csrf}

    settings = app.config
    if not (settings['WTF_CSRF_ENABLED']
            and settings['WTF_CSRF_CHECK_DEFAULT']):
        # Protection disabled, or automatic per-request checking turned
        # off: do not register the hook.
        return

    @app.before_request
    def _csrf_protect():
        # Much of this logic follows django.middleware.csrf.
        if request.method not in app.config['WTF_CSRF_METHODS']:
            return

        # The endpoint lookup only happens when at least one exemption
        # is registered. With none registered, every request that uses
        # a protected method reaches protect().
        if self._exempt_views or self._exempt_blueprints:
            endpoint = request.endpoint
            view = app.view_functions.get(endpoint) if endpoint else None
            if not view:
                # No endpoint or no registered view: leave unchecked.
                return

            # Exempt views are matched by their "module.name" string.
            dest = '%s.%s' % (view.__module__, view.__name__)
            if (dest in self._exempt_views
                    or request.blueprint in self._exempt_blueprints):
                return

        self.protect()