Skip to content

Commit

Permalink
Exempt legacy api from CSRF protection
Browse files Browse the repository at this point in the history
  • Loading branch information
amCap1712 committed Aug 14, 2021
1 parent b1c42b2 commit a32c3e7
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions webserver/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -207,16 +207,18 @@ def register_api(app):
app.register_blueprint(bp_dataset_eval, url_prefix=v1_prefix + '/datasets/evaluation')
app.register_blueprint(bp_similarity, url_prefix=v1_prefix + '/similarity')

from webserver.views.api.legacy import api_legacy_bp
app.register_blueprint(api_legacy_bp)

# During readthedocs creation we don't have the csrf extension,
# so only exclude these endpoints if it's enabled
if 'csrf' in app.extensions:
app.extensions['csrf'].exempt(api_legacy_bp)
app.extensions['csrf'].exempt(bp_core)
app.extensions['csrf'].exempt(bp_datasets)
app.extensions['csrf'].exempt(bp_dataset_eval)
app.extensions['csrf'].exempt(bp_similarity)

from webserver.views.api.legacy import api_legacy_bp
app.register_blueprint(api_legacy_bp)

register_ui(app)
register_api(app)

0 comments on commit a32c3e7

Please sign in to comment.