fix: added CSRF protection

pantos-io · Dec 4, 2024 · 9c7cd14 · 9c7cd14
1 parent 2a1360c
commit 9c7cd14
Show file tree

Hide file tree

Showing 3 changed files with 153 additions and 82 deletions.
diff --git a/pantos/servicenode/restapi.py b/pantos/servicenode/restapi.py
@@ -10,6 +10,8 @@
 import flask_cors  # type: ignore
 import flask_restful  # type: ignore
 import flask_restful.reqparse  # type: ignore
+from flask_wtf.csrf import CSRFProtect
+
 import marshmallow
 import marshmallow.validate
 from pantos.common.blockchains.enums import Blockchain
@@ -38,6 +40,8 @@
 
 # Allow CORS for all domains on all routes
 flask_cors.CORS(flask_app)
+csrf = CSRFProtect()
+csrf.init_app(flask_app) # Compliant
 
 _logger = logging.getLogger(__name__)
 """Logger for this module."""