b1-66er/microblog.pub
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Check CSRF Token at POST /authorize_follow

Browse Source
This commit is contained in:
hiromi-mi
2020-06-04 14:43:52 +09:00
parent 4c5d798ed4
commit a34905dfda
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
blueprints/admin.py
View File

@@ -639,6 +639,7 @@ def authorize_follow():
)
)
csrf.protect()
actor = get_actor_url(request.form.get("profile"))
if not actor:
abort(500)