Commit 3c13cb81 authored by Carsten Fortmann-Grote's avatar Carsten Fortmann-Grote

Remove all csrf protection.'

parent b2ff9e28
Pipeline #251532 failed with stages
in 4 minutes and 47 seconds
......@@ -19,8 +19,8 @@ app.testing = app.debug = False
app.config.from_object(Config)
app.config['UPLOAD_DIR'] = upload_dir
csrf = CSRFProtect()
csrf.init_app(app)
# csrf = CSRFProtect()
# csrf.init_app(app)
db = MongoEngine()
# app.session_interface = MongoEngineSessionInterface(db)
......
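Review bot: Commenting out `csrf = CSRFProtect()` and `csrf.init_app(app)` switches off request-forgery checking for every POST route at once, while the templates in this commit still post to `url_for('submit')`, `url_for('upload')` and `url_for('results')`, so a page on another site could trigger job submissions or uploads from a visitor's browser. If only one endpoint was rejecting requests (possibly the Dropzone upload, judging by the `var csrf_token` line in its template), keep the extension and send the token in an `X-CSRFToken` request header from the script, or exempt just that view with `@csrf.exempt`. Forms derived from `FlaskForm` still validate their own token unless `WTF_CSRF_ENABLED = False` is set in `Config`, which is not visible here, so removing `hidden_tag()` from the submit and results templates may make those forms fail validation, and it also drops any other hidden fields they define. If the removal is deliberate, delete the two lines rather than leaving them commented and state the reason in the commit message. The +/- markers are lost in this rendering, so this reads the commented pair as the new side.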
{% extends 'base.html' %}
{% block body %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
<div>
<p>
<a href="{{back_link}}">
......
......@@ -3,9 +3,6 @@
{% extends "base.html" %}
{% block title %}Home{% endblock %}
{% block body %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
<div class="jumbotron">
<h1><b>RAREFAN: RAyt/REpin Finder and ANalyzer</b></h1>
<h2>
......
......@@ -5,10 +5,6 @@
</head>
{% endblock %}
{% block body %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
{{csrf_token() }}
<p>
<h1>{{title}}</h1>
{% if job.parent_run %}
......
......@@ -5,16 +5,10 @@
<h2>Query RareFan results</h2>
</p>
<form action="{{url_for('results') }}" method="post" enctype="multipart/form-data">
{{ results_form.hidden_tag() }}
{{ results_form.csrf_token }}
<p>
{{ results_form.run_id.label }}
{{ results_form.run_id(title="Enter your run ID.") }}
{{ results_form.go(title=results_form.go.description) }}
</p>
--> {{ csrf_token() }}
</form>
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
{% endblock %}
......@@ -5,7 +5,6 @@
Please fill in the form below. Hover your cursor on the input field to view a tooltip.
</p>
<form action="{{ url_for('submit') }}" method="post" enctype="multipart/form-data">
{{ submit_form.hidden_tag() }}
<p>
{{ submit_form.reference_strain.label }}
<!-- <span title="{{submit_form.reference_strain.description}}" style="cursor:default">(?)</span> -->
......
......@@ -14,20 +14,16 @@
</p>
<p style="margin: 10px">
<form action="{{ url_for('upload') }}" class="dropzone" id="my_dropzone" method="post" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
</p>
<p style="margin: 10px">
<form method="post" enctype="multipart/form-data" id="confirm_upload">
{{ confirmation_form.confirm(title="Confirm file uploads") }}
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<button type="button" id="cancel" class="btn btn-secondary">Cancel all uploads</button>
<button type="button" id="remove" class="btn btn-secondary">Remove all files</button>
</form>
</p>
<script>
var csrf_token = "{{ csrf_token() }}";
Dropzone.options.myDropzone = {
addRemoveLinks: true,
paramName: "file", // The name that will be used to transfer the file
......