Adding csrf to templates.

author: Kalevi Yypänaho <kyypanah@local> 2023-11-27 20:35:57 +0200
committer: Kalevi Yypänaho <kyypanah@local> 2023-11-27 20:35:57 +0200
commit: d74aca91c689b54b7b49bbfa7121f458f4caf751 (patch)
tree: b13f1ffc7d6f5c816ac16147cc9b8703a17c69c7 /routes/base.py
parent: d6c73dbde8a35905a8f29caf9b6d088043a5e78f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/routes/base.py b/routes/base.py
index 42d8cdf..2c4b1f2 100644
--- a/routes/base.py
+++ b/routes/base.py
@@ -1,3 +1,4 @@
+from secrets import token_urlsafe
 from app import app
 from flask import render_template,session,request,redirect
 import db_actions as D
@@ -26,7 +27,8 @@ def info():
 @app.route("/set/nick",methods=["POST"])
 def new_nick():
     next = "/#"+request.form["caller"] if "caller" in request.form else "/"
-    csrf_check(next)
+    if csrf_check():
+        return redirect(next)
     if "id" in session.keys():
         session["alert"]="Sinulla on jo nimimerkki. Käytä sitä."
         return redirect(next)
author	Kalevi Yypänaho <kyypanah@local>	2023-11-27 20:35:57 +0200
committer	Kalevi Yypänaho <kyypanah@local>	2023-11-27 20:35:57 +0200
commit	d74aca91c689b54b7b49bbfa7121f458f4caf751 (patch)
tree	b13f1ffc7d6f5c816ac16147cc9b8703a17c69c7 /routes/base.py
parent	d6c73dbde8a35905a8f29caf9b6d088043a5e78f (diff)