#8 #31 #21 temporarily disable CSRF

opted-eu · Jul 26, 2023 · 41b3ab4 · 41b3ab4
1 parent 84f1bd1
commit 41b3ab4
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 7 deletions.
diff --git a/flaskinventory/add/routes.py b/flaskinventory/add/routes.py
@@ -173,7 +173,10 @@ def new(dgraph_type=None, draft=None, populate_form: dict = None):
 
     fields = list(form.data.keys())
     fields.remove('submit')
-    fields.remove('csrf_token')
+    try:
+        fields.remove('csrf_token')
+    except:
+        pass
 
     if dgraph_type in ['Tool', 'ScientificPublication', 'Dataset', 'Corpus']:
         show_sidebar = True

diff --git a/flaskinventory/static/js/networkplot.js b/flaskinventory/static/js/networkplot.js
@@ -318,7 +318,7 @@ function MakeNetworkPlot(uid, endpoint, divId) {
         fetch(endpoint, {
             method: 'POST',
             headers: {
-                'X-CSRFToken': csrftoken,
+                // 'X-CSRFToken': csrftoken,
                 'Content-Type': 'application/json',
             },
             body: JSON.stringify(uid),

diff --git a/flaskinventory/templates/add/newsource.html b/flaskinventory/templates/add/newsource.html
@@ -954,7 +954,6 @@ <h4 class="mb-4">
 
 <script>
 $SCRIPT_ROOT = {{ request.script_root|tojson|safe }};
-const csrftoken = "{{ csrf_token() }}";
 
 {% include 'add/newsource.js' %}
 

diff --git a/flaskinventory/templates/add/newsource.js b/flaskinventory/templates/add/newsource.js
@@ -1451,7 +1451,7 @@ function submitForm(endpoint, form, callback) {
     var url = endpoint;
     xhr.open("POST", url, true);
     xhr.setRequestHeader("Content-Type", "application/json");
-    xhr.setRequestHeader("X-CSRFToken", csrftoken);
+    // xhr.setRequestHeader("X-CSRFToken", csrftoken);
     xhr.onreadystatechange = function() {
         if (xhr.readyState === 4) {
             if (xhr.status === 200) {

diff --git a/flaskinventory/templates/edit/audience.html b/flaskinventory/templates/edit/audience.html
@@ -29,7 +29,6 @@ <h3 class="mb-3">Edit Audience Size: {{entry.get('name')}} <span class="text-mut
 const htmltable = document.getElementById('audience-size')
 const htmlcols = document.querySelector('#audience-size tr')
 const htmlrows = document.querySelector('#audience-size tbody')
-const csrftoken = "{{ csrf_token() }}"
 const endpoint = "{{ url_for('edit.source_audience', uid=entry.get('uid') ) }}"
 
 function editRow(rowNum) {
@@ -144,7 +143,7 @@ <h3 class="mb-3">Edit Audience Size: {{entry.get('name')}} <span class="text-mut
     var url = endpoint;
     xhr.open("POST", url, true);
     xhr.setRequestHeader("Content-Type", "application/json");
-    xhr.setRequestHeader("X-CSRFToken", csrftoken);
+    // xhr.setRequestHeader("X-CSRFToken", csrftoken);
     xhr.onreadystatechange = function() {
         if (xhr.readyState === 4) {
             if (xhr.status === 200) {

diff --git a/flaskinventory/templates/view/elements/ownership.html b/flaskinventory/templates/view/elements/ownership.html
@@ -8,7 +8,6 @@ <h5 class="flex-grow-1">Ownership Structure</h5>
 <script>
 
     $SCRIPT_ROOT = {{ request.script_root|tojson|safe }};
-    const csrftoken = "{{ csrf_token() }}";
     const data = { uid: "{{ entry.uid }}" };
     $ENDPOINT = "{{ url_for( 'endpoint.ownership' ) }}"