docker/mailu
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix the way we handle the application context

Browse Source 
The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
This commit is contained in:
kaiyou
2018-12-13 14:23:17 +01:00
parent b5f51b0e2e
commit 087841d5b7
2 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/admin/mailu/__init__.py
View File

@@ -8,7 +8,6 @@ def create_app_from_config(config):
""" Create a new application based on the given configuration """ Create a new application based on the given configuration
""" """
app = flask.Flask(__name__) app = flask.Flask(__name__)
app.app_context().push()
app.cli.add_command(manage.mailu) app.cli.add_command(manage.mailu)
# Bootstrap is used for basic JS and CSS loading # Bootstrap is used for basic JS and CSS loading

2
core/admin/mailu/internal/views/auth.py
View File

@@ -9,7 +9,7 @@ import base64
@internal.route("/auth/email") @internal.route("/auth/email")
@utils.limiter.limit( @utils.limiter.limit(
app.config["AUTH_RATELIMIT"], lambda: app.config["AUTH_RATELIMIT"],
lambda: flask.request.headers["Client-Ip"] lambda: flask.request.headers["Client-Ip"]
) )
def nginx_authentication(): def nginx_authentication():