diff --git a/app.py b/app.py index 22419b7..45d9a7b 100644 --- a/app.py +++ b/app.py @@ -14,7 +14,7 @@ from functools import wraps from flask import Flask, g, jsonify, render_template, request, abort, redirect, session, flash from flask_caching import Cache from flask_session import Session -from flask_wtf.csrf import CSRFProtect, generate_csrf +from flask_wtf.csrf import CSRFProtect, generate_csrf, CSRFError from ffmpy import FFmpeg from pymongo import MongoClient @@ -23,7 +23,6 @@ client = MongoClient(host=config.MONGO['host']) app.secret_key = config.SECRET_KEY app.config['SESSION_TYPE'] = 'redis' -app.config['SESSION_COOKIE_HTTPONLY'] = False app.cache = Cache(app, config=config.REDIS) sess = Session() sess.init_app(app) @@ -86,6 +85,11 @@ def admin_required(level): return decorated_function +@app.errorhandler(CSRFError) +def handle_csrf_error(e): + return api_error('invalid_csrf') + + @app.before_request def before_request_func(): if session.get('session_id'): diff --git a/public/src/js/strings.js b/public/src/js/strings.js index 8eae935..26a3d24 100644 --- a/public/src/js/strings.js +++ b/public/src/js/strings.js @@ -1048,6 +1048,10 @@ var translations = { verify_password_invalid: { ja: null, en: "Verification password does not match", + }, + invalid_csrf: { + ja: null, + en: "Security token expired. Please refresh the page." } }, browserSupport: {