- Improved CSRF handling

- Wordpress plugin for Evie Chat
2024-08-13 14:31:29 +02:00
parent ab38dd7540
commit a237db339a
14 changed files with 944 additions and 23 deletions
--- a/eveai_app/views/basic_views.py
+++ b/eveai_app/views/basic_views.py
@@ -1,5 +1,6 @@
 from flask import request, render_template, Blueprint, session, current_app, jsonify
 from flask_security import roles_required, roles_accepted
+from flask_wtf.csrf import generate_csrf

 from .basic_forms import SessionDefaultsForm

@@ -59,3 +60,14 @@ def set_user_timezone():
 def health():
    return jsonify({'status': 'ok'}), 200

+
+@basic_bp.route('/check_csrf', methods=['GET'])
+def check_csrf():
+    csrf_token = generate_csrf()
+    return jsonify({
+        'csrf_token_in_session': session.get('csrf_token'),
+        'generated_csrf_token': csrf_token,
+        'session_id': session.sid if hasattr(session, 'sid') else None,
+        'session_data': dict(session)
+    })
+