b1-66er/microblog.pub
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #81 from hiromi-mi/fix_csrf_authorize_follow

Browse Source 
Add CSRF Protection in POST /authorize_follow
This commit is contained in:
Thomas Sileo
2020-06-04 08:08:16 +02:00
committed by GitHub
parent f5f8e0cfeb a34905dfda
commit 8df0ddb03a
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
blueprints/admin.py
View File

@@ -639,6 +639,7 @@ def authorize_follow():
)
)
csrf.protect()
actor = get_actor_url(request.form.get("profile"))
if not actor:
abort(500)