From c618290a4476fd01f46b079e8b95bbc16341cbca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marjo=20Murtom=C3=A4ki?= <mmurtoma@local>
Date: Mon, 27 Nov 2023 19:56:22 +0200
Subject: Adding csrf checking to every post handler.

---
 routes/create.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'routes/create.py')

diff --git a/routes/create.py b/routes/create.py
index 36c2521..c218d1f 100644
--- a/routes/create.py
+++ b/routes/create.py
@@ -41,6 +41,7 @@ def create():
 
 @app.route("/set/quiz",methods=["POST"])
 def new_quiz():
+    csrf_check("/#create")
     if not "id" in session.keys():
         session["alert"]="Tarvitset nimimerkin loudaksesi."
         return redirect("/#create")
@@ -51,6 +52,7 @@ def new_quiz():
 
 @app.route("/set/quiz_ready",methods=["POST"])
 def quiz_ready():
+    csrf_check("/#create")
     if "quiz_id" not in session.keys():
         session["alert"] = "Kyselmä jota ei ole aloitettu ei voi olla valmis."
         return redirect("/#create")
-- 
cgit v1.2.3