Use CSRF header on ajax calls, if available #156
Comments
Happy to merge a PR if you or anyone else wants to dig into it. My current work is unrelated to Flask, so won't have time to look into it myself.
@jeffwideman @luismanson I also face this issue with the SQLAlchemy panel when clicking SELECT and EXPLAIN SELECT next to the queries. I will look into correcting this and opening a PR in the next day or so.
Any update on this? Still facing this issue on master branch, so I guess it was never merged/created?
@rimvislt I haven't had the time to invest in contributing this change.
I have run into this issue as well, I think, but didn't dive into debugging it yet. I'm in favor of getting a solution in place when someone has time to continue down this path.
A workaround in flask app init script:
Hello, I just discovered the template editor, but was unable to preview and save template edits.
After further inspection, it seems that in `template_editor.html` all ajax calls don't use the CSRF header provided by Flask-WTF.
The code suggested on their site regarding JavaScript requests has no effect.
I hope it can be fixed, thanks for this great tool.
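The behaviour the issue title asks for, as an added example (not code from Flask-DebugToolbar or Flask-WTF): attach the token only when one is available, only on state-changing methods, and only on same-origin requests so it is never sent to another host. The `csrf-token` meta tag and `X-CSRFToken` header follow Flask-WTF's documented convention; the helper names and sample URLs are assumptions made for illustration.

```javascript
// Added example; helper names and sample values are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Token from <meta name="csrf-token" content="...">, or null when the
// host app does not use CSRF protection (the "if available" case).
function readCsrfToken(doc) {
  const meta = doc ? doc.querySelector('meta[name="csrf-token"]') : null;
  const value = meta ? meta.getAttribute("content") : null;
  return value || null;
}

// Resolve relative and protocol-relative URLs before comparing origins.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (err) {
    return false; // unparsable target: do not attach the token
  }
}

// Returns a copy of the request description, with X-CSRFToken added
// only for unsafe methods sent to the page's own origin.
function withCsrfHeader(request, token, pageOrigin) {
  const method = (request.method || "GET").toUpperCase();
  const headers = Object.assign({}, request.headers);
  if (token && !SAFE_METHODS.has(method) && isSameOrigin(request.url, pageOrigin)) {
    headers["X-CSRFToken"] = token;
  }
  return Object.assign({}, request, { method, headers });
}

// Browser usage (assumes fetch and a page served by the Flask app):
// const req = withCsrfHeader({ url, method: "POST", body },
//                            readCsrfToken(document), location.origin);
// fetch(req.url, req);
```
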