From d87794d290f119726a884fae90d8d82f5f2056e5 Mon Sep 17 00:00:00 2001
From: openrefactory
Date: Thu, 1 Sep 2022 12:46:56 +0600
Subject: [PATCH] Suggested fixes by iCR, OpenRefactory, Inc.
---
 examples/javascript/js_example/__init__.py | 4 ++++
 examples/tutorial/flaskr/__init__.py | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/examples/javascript/js_example/__init__.py b/examples/javascript/js_example/__init__.py
index 068b2d98..110eb42b 100644
--- a/examples/javascript/js_example/__init__.py
+++ b/examples/javascript/js_example/__init__.py
@@ -1,5 +1,9 @@
 from flask import Flask
+from flask_wtf.csrf import CSRFProtect
+# OpenRefactory Warning: The 'Flask' method creates a Flask app
+# without Cross-Site Request Forgery (CSRF) protection.
 app = Flask(__name__)
+CSRFProtect(app)
 from js_example import views # noqa: F401
diff --git a/examples/tutorial/flaskr/__init__.py b/examples/tutorial/flaskr/__init__.py
index bb9cce5a..15653756 100644
--- a/examples/tutorial/flaskr/__init__.py
+++ b/examples/tutorial/flaskr/__init__.py
@@ -1,11 +1,15 @@
 import os
 from flask import Flask
+from flask_wtf.csrf import CSRFProtect
 def create_app(test_config=None):
 """Create and configure an instance of the Flask application."""
+ # OpenRefactory Warning: The 'Flask' method creates a Flask app
+ # without Cross-Site Request Forgery (CSRF) protection.
 app = Flask(__name__, instance_relative_config=True)
+ CSRFProtect(app)
 app.config.from_mapping(
 # a default secret that should be overridden by instance config
 SECRET_KEY="dev",
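Review bot: The `from flask_wtf.csrf import CSRFProtect` import added to examples/javascript/js_example/__init__.py pulls in Flask-WTF, but the diffstat lists only the two `__init__.py` files, so the package is not declared as a dependency of the example and importing `js_example` fails wherever it is not already installed; the flaskr hunk has the same gap. `CSRFProtect(app)` signs and checks its tokens with the app's secret key, and no `SECRET_KEY` is set in the visible lines, so unless one is configured elsewhere Flask-WTF has no key to sign or verify tokens with. The views and templates are not part of this patch, so it is worth confirming that every POST they issue sends the token (form field `csrf_token` or header `X-CSRFToken`); otherwise those requests are answered with 400. The two-line "OpenRefactory Warning" comment describes the state before the fix and calls `Flask` a method; I would replace it with `# CSRFProtect needs a configured SECRET_KEY; POST clients must send the token.`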
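Review bot: In examples/tutorial/flaskr/__init__.py the tokens issued once `CSRFProtect(app)` is active are signed with the `SECRET_KEY="dev"` default set a few lines below unless the instance config overrides it, so a deployment that keeps the default gets protection keyed on a publicly known value. I would say so where the protection is enabled, e.g. `# CSRF tokens are signed with SECRET_KEY; the "dev" default below must be overridden outside development.` `create_app` also takes `test_config`, and the tests are not shown here: any test client that POSTs without a token will now get 400 unless the test configuration sets `WTF_CSRF_ENABLED` to `False` or the tests fetch a token first. The body of `create_app` continues past the end of the hunk, so the instance-config loading that would override the key is not visible.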