puppet/puppetboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #217 from corey-hammerton/issue-198

Browse Source 
puppetboard/app: Disabling CSRF protection globally.

I still think this is a bad idea but I don't see any other way.
This commit is contained in:
Corey Hammerton
2016-02-09 19:37:18 -05:00
parent beef893b6a 492e1057e0
commit 43ff09fbd4
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
puppetboard/app.py
View File

@@ -15,7 +15,6 @@ from flask import (
Response, stream_with_context, redirect, Response, stream_with_context, redirect,
request request
) )
from flask_wtf.csrf import CsrfProtect
from pypuppetdb import connect from pypuppetdb import connect
@@ -27,7 +26,6 @@ from puppetboard.utils import (
app = Flask(__name__) app = Flask(__name__)
CsrfProtect(app)
app.config.from_object('puppetboard.default_settings') app.config.from_object('puppetboard.default_settings')
graph_facts = app.config['GRAPH_FACTS'] graph_facts = app.config['GRAPH_FACTS']
@@ -727,10 +725,10 @@ def query(env):
select field in the environment block select field in the environment block
:type env: :obj:`string` :type env: :obj:`string`
""" """
envs = environments()
check_env(env, envs)
if app.config['ENABLE_QUERY']: if app.config['ENABLE_QUERY']:
envs = environments()
check_env(env, envs)
form = QueryForm() form = QueryForm()
if form.validate_on_submit(): if form.validate_on_submit():
if form.query.data[0] == '[': if form.query.data[0] == '[':