Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix the way we handle the application context
The init script was pushing an application context, which maked flask.g global and persisted across requests. This was evaluated to have a minimal security impact. This explains/fixes Mailu#738: flask_wtf caches the csrf token in the application context to have a single token per request, and only sets the session attribute after the first generation.
- Loading branch information