chg: [security] Enable CSRF protection globally.

NC3-LU · Jul 14, 2024 · f1c9190 · f1c9190
1 parent c0ab1cd
commit f1c9190
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/mosp/bootstrap.py b/mosp/bootstrap.py
@@ -14,6 +14,7 @@
 from flask_cors import CORS
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
+from flask_wtf.csrf import CSRFProtect
 from werkzeug.routing import BaseConverter
 from werkzeug.routing import ValidationError
 
@@ -74,9 +75,12 @@ def set_logging(
     except Exception:
         application.config.from_pyfile("development.py", silent=False)
 
+# Database and migration
 db = SQLAlchemy(application)
 migrate = Migrate(application, db)
 
+# Enable CSRF protection globally
+csrf = CSRFProtect(application)
 
 cors = CORS(
     application,
@@ -86,7 +90,6 @@ def set_logging(
     },
 )
 
-
 # i18n and l10n support
 def get_locale():
     # if a user is logged in, use the locale from the user settings