def csrf_protect():
if request.method == 'POST':
token = session.pop('_csrf_token', None)
if not token or token != request.form.get('_csrf_token'):
abort(403)
if '_csrf_token' not in session:
session['_csrf_token'] = str(uuid.uuid4())
评论列表
文章目录
