Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: disable strict SSL for CSRF protection in the application configuration

Browse source
This commit is contained in:
Théophile Diot 2024-12-09 12:59:53 +01:00
parent cacab54225
commit 56432f62c4
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/ui/main.py
View file

@ -99,6 +99,7 @@ with app.app_context():
sess.init_app(app)
# CSRF protection
app.config["WTF_CSRF_SSL_STRICT"] = False
csrf = CSRFProtect()
csrf.init_app(app)
@ -333,7 +334,6 @@ def before_request():
app.config["SESSION_COOKIE_SECURE"] = False
app.config["REMEMBER_COOKIE_NAME"] = "bw_ui_remember_token"
app.config["REMEMBER_COOKIE_SECURE"] = False
app.config["WTF_CSRF_SSL_STRICT"] = False
app.config["SCRIPT_NONCE"] = token_urlsafe(32)