handle csrf error

Bui 2020-03-17 02:18:18 +00:00
parent 1e7477dd96
commit 816833bac0
2 changed files with 10 additions and 2 deletions

8
app.py

@ -14,7 +14,7 @@ from functools import wraps
from flask import Flask, g, jsonify, render_template, request, abort, redirect, session, flash from flask import Flask, g, jsonify, render_template, request, abort, redirect, session, flash
from flask_caching import Cache from flask_caching import Cache
from flask_session import Session from flask_session import Session
from flask_wtf.csrf import CSRFProtect, generate_csrf from flask_wtf.csrf import CSRFProtect, generate_csrf, CSRFError
from ffmpy import FFmpeg from ffmpy import FFmpeg
from pymongo import MongoClient from pymongo import MongoClient
@ -23,7 +23,6 @@ client = MongoClient(host=config.MONGO['host'])
app.secret_key = config.SECRET_KEY app.secret_key = config.SECRET_KEY
app.config['SESSION_TYPE'] = 'redis' app.config['SESSION_TYPE'] = 'redis'
app.config['SESSION_COOKIE_HTTPONLY'] = False
app.cache = Cache(app, config=config.REDIS) app.cache = Cache(app, config=config.REDIS)
sess = Session() sess = Session()
sess.init_app(app) sess.init_app(app)
@ -86,6 +85,11 @@ def admin_required(level):
return decorated_function return decorated_function
@app.errorhandler(CSRFError)
def handle_csrf_error(e):
return api_error('invalid_csrf')
@app.before_request @app.before_request
def before_request_func(): def before_request_func():
if session.get('session_id'): if session.get('session_id'):
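Review bot: `handle_csrf_error` never uses its argument `e`, so the reason Flask-WTF attaches to the rejection (`e.description`, e.g. token missing, expired or mismatched) is not recorded anywhere, and repeated CSRF failures against one path or session leave nothing for detection. Add a log line before the return, for example `app.logger.warning('CSRF rejected: %s %s (%s)', request.method, request.path, e.description)`. `api_error` is defined outside the visible hunks, so confirm that it answers with a 4xx status (CSRFError is a 400 by default) rather than 200, and that a JSON body is acceptable for any non-API form posts that reach this handler. The `invalid_csrf` string added in the second file mentions only expiry, while this handler also fires for missing or invalid tokens, so the wording may mislead users and support staff.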


@ -1048,6 +1048,10 @@ var translations = {
verify_password_invalid: { verify_password_invalid: {
ja: null, ja: null,
en: "Verification password does not match", en: "Verification password does not match",
},
invalid_csrf: {
ja: null,
en: "Security token expired. Please refresh the page."
} }
}, },
browserSupport: { browserSupport: {