aboutsummaryrefslogtreecommitdiffstats
path: root/python/fatcat_web
diff options
context:
space:
mode:
Diffstat (limited to 'python/fatcat_web')
-rw-r--r--python/fatcat_web/routes.py15
1 files changed, 10 insertions, 5 deletions
diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py
index 44216809..18c51d43 100644
--- a/python/fatcat_web/routes.py
+++ b/python/fatcat_web/routes.py
@@ -343,7 +343,8 @@ def editgroup_view(ident):
@app.route('/editgroup/<ident>/annotation', methods=['POST'])
@login_required
def editgroup_create_annotation(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
comment_markdown = request.form.get('comment_markdown')
if not comment_markdown:
app.log.info("empty comment field")
@@ -368,7 +369,8 @@ def editgroup_create_annotation(ident):
@app.route('/editgroup/<ident>/accept', methods=['POST'])
@login_required
def editgroup_accept(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# on behalf of user...
user_api = auth_api(session['api_token'])
try:
@@ -385,7 +387,8 @@ def editgroup_accept(ident):
@app.route('/editgroup/<ident>/unsubmit', methods=['POST'])
@login_required
def editgroup_unsubmit(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# on behalf of user...
user_api = auth_api(session['api_token'])
try:
@@ -402,7 +405,8 @@ def editgroup_unsubmit(ident):
@app.route('/editgroup/<ident>/submit', methods=['POST'])
@login_required
def editgroup_submit(ident):
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# on behalf of user...
print("submitting...")
user_api = auth_api(session['api_token'])
@@ -618,7 +622,8 @@ def token_login():
@app.route('/auth/change_username', methods=['POST'])
@login_required
def change_username():
- app.csrf.protect()
+ if not app.testing:
+ app.csrf.protect()
# show the user a list of login options
if not 'username' in request.form:
abort(400)