PuppetBoard: Upgrading WTForms to latest version and restoring CSRF Protection (#250)

Upgrading the following packages to the respective versions:
WTForms==2.1
Flask-WTF==0.12
Werkzeug==0.11.0

Passing newly required metadata to the QueryForm constructor in puppetboard/app.py

Apache >= 2.4 with mod_wsgi experienced a major issue where it would re-generate the app's secret key on each request. The fix for this turned out to be placing a permanent static 'secret_key' value in the wsgi.py.

Adding a block in README.rst on how to implement the user's own secret_key

@@ -13,7 +13,7 @@ from itertools import tee
|
||||
from flask import (
|
||||
Flask, render_template, abort, url_for,
|
||||
Response, stream_with_context, redirect,
|
||||
request
|
||||
request, session
|
||||
)
|
||||
|
||||
from pypuppetdb import connect
|
||||
@@ -730,7 +730,9 @@ def query(env):
|
||||
envs = environments()
|
||||
check_env(env, envs)
|
||||
|
||||
form = QueryForm(csrf_enabled=False)
|
||||
form = QueryForm(meta={
|
||||
'csrf_secret': app.config['SECRET_KEY'],
|
||||
'csrf_context': session})
|
||||
if form.validate_on_submit():
|
||||
if form.endpoints.data == 'pql':
|
||||
query = form.query.data
|
||||
|
||||
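Review bot: In query(), `'csrf_secret': app.config['SECRET_KEY']` indexes the config directly on every request, so a deployment that never sets SECRET_KEY gets a KeyError on the query page rather than a clear failure at startup; consider checking for the key once when the app is created and failing with a message that points at the README section. The token is derived from that secret and tied to the session passed as `'csrf_context': session`, so it only validates when the key is identical across requests and across worker processes, which deserves a short comment at this call given the mod_wsgi behaviour described in the commit message. With `csrf_enabled=False` gone, `form.validate_on_submit()` will reject any POST that lacks the token, and no template change is visible in this diff, so please confirm the query template renders the CSRF field.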