From f1c9190a2dc2ea8a26cc1b5a95dd1a6d03bfab4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?=
Date: Sun, 14 Jul 2024 18:10:12 +0200
Subject: [PATCH] chg: [security] Enable CSRF protection globally.

---
 mosp/bootstrap.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mosp/bootstrap.py b/mosp/bootstrap.py
index 525f3be..24fedca 100644
--- a/mosp/bootstrap.py
+++ b/mosp/bootstrap.py
@@ -14,6 +14,7 @@
 from flask_cors import CORS
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
+from flask_wtf.csrf import CSRFProtect
 from werkzeug.routing import BaseConverter
 from werkzeug.routing import ValidationError
 
@@ -74,9 +75,12 @@ def set_logging(
 except Exception:
 application.config.from_pyfile("development.py", silent=False)
 
+# Database and migration
 db = SQLAlchemy(application)
 migrate = Migrate(application, db)
 
+# Enable CSRF protection globally
+csrf = CSRFProtect(application)
 
 cors = CORS(
 application,
@@ -86,7 +90,6 @@ def set_logging(
 },
 )
 
-
 # i18n and l10n support
 def get_locale():
 # if a user is logged in, use the locale from the user settings
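Review bot: `csrf = CSRFProtect(application)` in the second hunk covers every view, and nothing in this one-file patch exempts or adapts routes that do not rely on the session cookie. The `CORS(...)` call that starts just below (its arguments lie outside the hunk) suggests the app also serves cross-origin API clients; if those endpoints authenticate with a header token, their POST/PUT/PATCH/DELETE requests will now be rejected with 400 unless their blueprint is registered through `csrf.exempt(...)`. Any such exemption should be limited to views that never accept cookie-based sessions, otherwise the protection is switched off for exactly the requests it is meant to cover. Hand-written HTML forms and AJAX calls that do not go through a FlaskForm also need the token (`{{ csrf_token() }}` or an `X-CSRFToken` header), which this patch does not show. I would extend the comment to `# Enable CSRF protection globally (token signing needs SECRET_KEY or WTF_CSRF_SECRET_KEY in the loaded config)`, since the config file is picked by the `except` fallback a few lines above.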