From e2a39de7d1f6ac8ccea74aa1a81b8ebefed7c908 Mon Sep 17 00:00:00 2001
From: Eric Radman <eradman@starfishstorage.com>
Date: Mon, 22 Apr 2024 23:14:45 -0400
Subject: [PATCH] Remove workaround from check_csrf() (#6919)

This code was supposed to be temporary, and raises an exception if REDASH_MULTI_ORG=true is set.
---
 redash/security.py | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/redash/security.py b/redash/security.py
index 8311445457..c123abbf13 100644
--- a/redash/security.py
+++ b/redash/security.py
@@ -1,6 +1,6 @@
 import functools
 
-from flask import request, session
+from flask import session
 from flask_login import current_user
 from flask_talisman import talisman
 from flask_wtf.csrf import CSRFProtect, generate_csrf
@@ -35,17 +35,6 @@ def inject_csrf_token(response):
 
         @app.before_request
         def check_csrf():
-            # BEGIN workaround until https://github.com/lepture/flask-wtf/pull/419 is merged
-            if request.blueprint in csrf._exempt_blueprints:
-                return
-
-            view = app.view_functions.get(request.endpoint)
-            dest = f"{view.__module__}.{view.__name__}"
-
-            if dest in csrf._exempt_views:
-                return
-            # END workaround
-
             if not current_user.is_authenticated or "user_id" in session:
                 csrf.protect()