-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update example webserver_config.py to show correct CSRF config #8944
Conversation
CSRF_ENABLED does nothing. Thankfully, due to sensible defaults in flask-wtf, CSRF is on by default, but we should set this correctly. Fixes apache#8915
@@ -34,7 +34,7 @@ | |||
SQLALCHEMY_DATABASE_URI = conf.get('core', 'SQL_ALCHEMY_CONN') | |||
|
|||
# Flask-WTF flag for CSRF | |||
CSRF_ENABLED = True | |||
WTF_CSRF_ENABLED = True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/lepture/flask-wtf/blob/v0.14.2/flask_wtf/csrf.py#L176-L189 is what reads this. I have confirmed that setting CSRF_ENABLE=False
does nothing, but setting WTF_CSRF_ENABLED = False
does correctly disable the requirement for CSRF.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 👍 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!!!
…e#8944) CSRF_ENABLED does nothing. Thankfully, due to sensible defaults in flask-wtf, CSRF is on by default, but we should set this correctly. Fixes apache#8915 (cherry picked from commit 16206cd)
CSRF_ENABLED does nothing.
Thankfully, due to sensible defaults in flask-wtf, CSRF is on by
default, but we should set this correctly.
Fixes #8915
Make sure to mark the boxes below before creating PR: [x]
In case of fundamental code change, Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in UPDATING.md.
Read the Pull Request Guidelines for more information.