Merge pull request #217 from corey-hammerton/issue-198

puppetboard/app: Disabling CSRF protection globally. I still think this is a bad idea but I don't see any other way.
2016-02-09 19:37:18 -05:00
parent beef893b6a 492e1057e0
commit 43ff09fbd4
1 changed files with 3 additions and 5 deletions
--- a/puppetboard/app.py
+++ b/puppetboard/app.py
@@ -15,7 +15,6 @@ from flask import (
    Response, stream_with_context, redirect,
    request
    )
-from flask_wtf.csrf import CsrfProtect

 from pypuppetdb import connect

@@ -27,7 +26,6 @@ from puppetboard.utils import (


 app = Flask(__name__)
-CsrfProtect(app)

 app.config.from_object('puppetboard.default_settings')
 graph_facts = app.config['GRAPH_FACTS']
@@ -727,10 +725,10 @@ def query(env):
        select field in the environment block
    :type env: :obj:`string`
    """
+    if app.config['ENABLE_QUERY']:
        envs = environments()
        check_env(env, envs)

-    if app.config['ENABLE_QUERY']:
        form = QueryForm()
        if form.validate_on_submit():
            if form.query.data[0] == '[':