security: add CSRF protection to all forms
- Add Flask-WTF dependency for CSRF protection - Initialize CSRFProtect in app.py - Add CSRF tokens to all POST forms in templates - Exempt /order JSON API endpoint (uses API key instead) This protects against Cross-Site Request Forgery attacks on all admin and user management operations. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
1
wawi/templates/login.html
Normal file → Executable file
1
wawi/templates/login.html
Normal file → Executable file
@@ -6,6 +6,7 @@
|
||||
<div class="note">Benutzername oder Passwort ist falsch.</div>
|
||||
{% endif %}
|
||||
<form method="post">
|
||||
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
|
||||
<div class="form-grid">
|
||||
<label>
|
||||
Benutzer
|
||||
|
||||
Reference in New Issue
Block a user