Expand file tree Collapse file tree 4 files changed +89
-0
lines changed Original file line number Diff line number Diff line change 1+ #flask-restplus-csrf==0.12.1a
2+ flask == 1.1.1
3+ aniso8601 == 8.0.0
4+ pytz == 2019.3
5+ jsonschema == 3.2.0
6+ flask-sqlalchemy == 2.4.1
7+ flask-login == 0.4.1
8+ pycryptodome == 3.9.4
Original file line number Diff line number Diff line change 1+ function getMeta ( name ) {
2+ // <meta name="foo" content="bar">
3+ // getMeta("foo") -=> "bar"
4+
5+ const metas = document . getElementsByTagName ( "meta" ) ;
6+
7+ for ( let i = 0 ; i < metas . length ; i ++ ) {
8+ if ( metas [ i ] . getAttribute ( "name" ) === name ) {
9+ return metas [ i ] . getAttribute ( "content" ) ;
10+ }
11+ }
12+
13+ return "" ;
14+ }
15+
16+ function addTokenToForms ( ) {
17+ const forms = document . getElementsByTagName ( "form" ) ;
18+
19+ for ( let i = 0 ; i < forms . length ; i ++ ) {
20+ var input = document . createElement ( "input" ) ;
21+ input . type = "hidden" ;
22+ input . name = "csrf" ;
23+ input . value = getMeta ( "csrf" ) ;
24+ forms [ i ] . appendChild ( input ) ;
25+ }
26+ }
27+ window . onload = addTokenToForms ;
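Review bot: `addTokenToForms` appends the hidden `csrf` input even when `getMeta("csrf")` returns its `""` fallback, so a page without the meta tag submits forms with an empty token and nothing signals the misconfiguration; return early (and log a warning) when the value is empty. Assigning `window.onload = addTokenToForms;` on the last line also replaces any other load handler, so `window.addEventListener("load", addTokenToForms);` is the safer form. Forms created after the load event and any fetch/XHR requests never receive the token from this script, which deserves a comment above the function. Inside the loop, `var input` should be `const input` to match the `const`/`let` used in the rest of the file.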
Original file line number Diff line number Diff line change 1+ {% extends "layout.html" %}
2+ {% block content %}
3+ < div class ="jumbo ">
4+ < h2 > Welcome to the Flask app</ h2 >
5+ {% if message is defined %}
6+ < font color ="red "> {{ message }}</ font >
7+ {% endif %}
8+ {% if session.logged_in %}
9+ < p > You are currently logged in as {{ session.username }}.</ p >
10+ {% endif %}
11+ < p > Here are some links:
12+ < ul >
13+ < li > < a href ="/web "> Home</ a > </ li >
14+ {% if session.logged_in %}
15+ < li > < a href ="logout "> Logout</ a > </ li >
16+ {% endif %}
17+ </ ul >
18+ </ p >
19+ {% if not session.logged_in %}
20+ < h3 > Login Form</ h3 >
21+ < form method ="post " action ="/web/login ">
22+ < input type ="text " name ="username " />
23+ < input type ="password " name ="passphrase " />
24+ < input type ="submit " />
25+ </ form >
26+ {% endif %}
27+
28+ < h3 > Get secure info</ h3 >
29+ < form method ="post " action ="/web/secure ">
30+ < input type ="submit " />
31+ </ form >
32+ </ div >
33+ {% endblock %}
34+
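Review bot: The Logout entry is a plain link (`<a href="logout">`), so logging out is a GET request that the token injected into `<form>` elements does not cover, and the relative `logout` path resolves differently from the absolute `/web/...` URLs used elsewhere in the template. If the handler (not visible on this page) allows it, a POST form such as `<form method="post" action="/web/logout"><input type="submit" value="Logout" /></form>` would put logout behind the same check; the `/web/logout` path is assumed from the other routes. Both forms in this template also rely entirely on the script to add the `csrf` field, so a server-rendered hidden input would keep them protected and working when the script fails to load.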
Original file line number Diff line number Diff line change 1+ <!DOCTYPE html>
2+ < html >
3+ < head >
4+ < title > Toy Flask App</ title >
5+ < script type ="text/javascript " src ="/static/js/csrf.js "> </ script >
6+ </ head >
7+ < body >
8+
9+ < header >
10+ < div class ="container ">
11+ < h1 class ="logo "> Toy Flask App With CSRF</ h1 >
12+ </ div >
13+ </ header >
14+
15+ < div class ="container ">
16+ {% block content %}
17+ {% endblock %}
18+ </ div >
19+ </ body >
20+ </ html >
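Review bot: The `<head>` loads `/static/js/csrf.js` but contains no `<meta name="csrf" ...>` element, which is what `getMeta("csrf")` in that script looks up, so as committed every form would receive an empty token value. Add a line such as `<meta name="csrf" content="{{ CSRF_TOKEN_PLACEHOLDER }}">` before the script tag, where the placeholder stands for whatever variable the server exposes for the token (not shown on this page). The server-side check that rejects a missing or empty `csrf` field is also not part of this commit, so it should be confirmed separately.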