##########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2025, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
#########################################################################
from flask_wtf.csrf import CSRFProtect
from flask import request, current_app
class _PGCSRFProtect(CSRFProtect):
    """Flask-WTF ``CSRFProtect`` that also registers pgAdmin's exemptions.

    Everything registered by ``_pg_csrf_exempt`` is excluded from CSRF
    protection. Each exempt view therefore has to be safe to reach from a
    cross-site request, or be guarded by some other control; treat any
    addition to that list as a security-relevant change.
    """

    def __init__(self, *args, **kwargs):
        """Pass all arguments through unchanged to ``CSRFProtect``."""
        super().__init__(*args, **kwargs)

    def init_app(self, app):
        """Set up CSRF protection on ``app`` and then apply the exemptions.

        The exemption step looks up ``app.blueprints['redirects']``, so that
        blueprint must already be registered on ``app`` when this is called;
        otherwise the lookup raises ``KeyError``.
        """
        super().init_app(app)
        self._pg_csrf_exempt(app)

    def _pg_csrf_exempt(self, app):
        """Exempt a fixed set of views/blueprints from CSRF protection.

        Most entries are dotted view names; the ``redirects`` entry is the
        blueprint object itself, read from ``app.blueprints``.
        """
        # NOTE(review): the login/logout views and several tool entry points
        # are exempt here - confirm each one either changes no state or has
        # its own cross-site request protection.
        csrf_free_targets = (
            'flask.app.<lambda>',
            'flask.scaffold.send_static_file',  # For Flask 2.*
            'flask.blueprints.send_static_file',
            'flask_security.views.login',
            'flask_security.views.logout',
            'pgadmin.tools.translations',
            app.blueprints['redirects'],
            'pgadmin.browser.server_groups.servers.supported_servers-js',
            'pgadmin.tools.sqleditor.initialize_sqleditor',
            'pgadmin.tools.datagrid.panel',
            'pgadmin.tools.sqleditor.panel',
            'pgadmin.tools.debugger.initialize_target',
            'pgadmin.tools.debugger.direct_new',
            'pgadmin.tools.schema_diff.panel',
            'pgadmin.tools.schema_diff.ddl_compare',
            'pgadmin.authenticate.login',
            'pgadmin.tools.erd.panel',
            'pgadmin.tools.psql.panel',
            'pgadmin.preferences.get_all_cli',
        )

        for target in csrf_free_targets:
            self.exempt(target)
# Module-level CSRF protection instance. It is constructed here without an
# app, so the exemptions are only registered once init_app(app) is called.
pgCSRFProtect = _PGCSRFProtect()