authorBryan Newbold <bnewbold@robocracy.org>2019-04-04 11:21:41 -0700
committerBryan Newbold <bnewbold@robocracy.org>2019-04-04 11:21:41 -0700
commitc4591cd12298cc03cd96af829a9a007d83d4e537 (patch)
tree1a5e47037bb2294a34841f0a7f7b04da3fccc369 /python/fatcat_web/web_config.py
parent005236655dec1cb3f7409724a711a19b52aa9108 (diff)
parentedb9c1b85f367a50957dc0423c3104b900c7e92c (diff)
Merge branch 'bnewbold-forms'
Diffstat (limited to 'python/fatcat_web/web_config.py')
-rw-r--r--python/fatcat_web/web_config.py17
1 files changed, 12 insertions, 5 deletions
diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py
index 8fe50049..b12cb114 100644
--- a/python/fatcat_web/web_config.py
+++ b/python/fatcat_web/web_config.py
@@ -39,8 +39,18 @@ class Config(object):
IA_XAUTH_CLIENT_ID = os.environ.get("IA_XAUTH_CLIENT_ID", default=None)
IA_XAUTH_CLIENT_SECRET = os.environ.get("IA_XAUTH_CLIENT_SECRET", default=None)
- # protect cookies (which include API tokens)
- if FATCAT_DOMAIN != "dev.fatcat.wiki":
+ # CSRF on by default, but only for WTF forms (not, eg, search, lookups, GET
+ # forms)
+ WTF_CSRF_CHECK_DEFAULT = False
+ WTF_CSRF_TIME_LIMIT = None
+
+ if FATCAT_DOMAIN == "dev.fatcat.wiki":
+ # "Even more verbose" debug options
+ #SQLALCHEMY_ECHO = True
+ #DEBUG = True
+ pass
+ else:
+ # protect cookies (which include API tokens)
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = 'Lax'
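Review bot: The comment above `WTF_CSRF_CHECK_DEFAULT = False` reads "CSRF on by default", but in Flask-WTF this setting turns off the extension's automatic per-request check, so only views that validate a form object enforce the token. Any state-changing POST view that does not go through a form is left without CSRF protection unless it calls `csrf.protect()` itself, and this matters here because the session cookie carries API tokens. I would reword the comment to say so, e.g. `# CSRF token is enforced only by FlaskForm validation; other state-changing views must call csrf.protect() explicitly`. `WTF_CSRF_TIME_LIMIT = None` makes a token valid for the whole session rather than the default hour, which deserves a one-line comment giving the reason. The `Config` class body starts and continues outside this hunk, so whether every mutating route uses a form cannot be confirmed from here.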
@@ -61,6 +71,3 @@ class Config(object):
},
}
- # "Even more verbose" debug options
- #SQLALCHEMY_ECHO = True
- #DEBUG = True