From a34905dfdace5e3fb486cffdb34af14fe2b561fd Mon Sep 17 00:00:00 2001
From: hiromi-mi
Date: Thu, 4 Jun 2020 14:43:52 +0900
Subject: [PATCH] Check CSRF Token at POST /authorize_follow
---
 blueprints/admin.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/blueprints/admin.py b/blueprints/admin.py
index f4290c9..4af4ef3 100644
--- a/blueprints/admin.py
+++ b/blueprints/admin.py
@@ -639,6 +639,7 @@ def authorize_follow():
 )
 )

+ csrf.protect()
 actor = get_actor_url(request.form.get("profile"))
 if not actor:
 abort(500)
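Review bot: The added `csrf.protect()` in `authorize_follow` is a hand-placed, per-view check with no comment explaining why the token is not validated automatically here, so a later POST handler in blueprints/admin.py can ship without it unnoticed. A comment above the call such as `# token is not validated automatically for this view (presumably exempt or default check disabled); verify before acting on the POSTed form` would record the intent. If other state-changing handlers in this file share the gap, one `before_request` hook on the blueprint that calls `csrf.protect()` for non-GET methods is harder to forget than per-view calls. The diffstat shows only admin.py changed, so the form rendered by the GET branch must already carry the token field or legitimate follow requests will now be rejected; that is worth confirming with a test that POSTs with and without a token. The function's body starts and ends outside the hunk.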