Adding csrf checking to every post handler.

author: Marjo Murtomäki <mmurtoma@local> 2023-11-27 19:56:22 +0200
committer: Marjo Murtomäki <mmurtoma@local> 2023-11-27 19:56:22 +0200
commit: c618290a4476fd01f46b079e8b95bbc16341cbca (patch)
tree: 9b74d598584d25b7b032d53da919d3338d0eb191 /routes/answer.py
parent: f965d5d1f799037cd49accae9256ed42b8c17ccb (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/routes/answer.py b/routes/answer.py
index 2fbeec8..6d767be 100644
--- a/routes/answer.py
+++ b/routes/answer.py
@@ -14,6 +14,7 @@ def kys_link(link):
 @app.route("/set/answer_id",methods=["POST"])
 def answer_id():
     next = "/#"+request.form["caller"] if "caller" in request.form else "/"
+    csrf_check(next)
     if "id" not in session:
         session["alert"] = "Nimimerkkiä ei ole asetettu."
         return redirect(next)
@@ -81,6 +82,7 @@ def answer():
 
 @app.route("/set/answers",methods=["POST"])
 def set_answers():
+    csrf_check("/#answer")
     if "id" not in session:
         session["alert"]="Nimimerkkiä ei ole vielä valittu!"
         return redirect( "/#answer" )
author	Marjo Murtomäki <mmurtoma@local>	2023-11-27 19:56:22 +0200
committer	Marjo Murtomäki <mmurtoma@local>	2023-11-27 19:56:22 +0200
commit	c618290a4476fd01f46b079e8b95bbc16341cbca (patch)
tree	9b74d598584d25b7b032d53da919d3338d0eb191 /routes/answer.py
parent	f965d5d1f799037cd49accae9256ed42b8c17ccb (diff)