Bjoern Welker e062a1e836 security: add CSRF protection to all forms ...

- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)

This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-06 08:01:22 +01:00

4.1 KiB

Executable File

Raw Blame History

View Raw