wip

app/core/csrf_utils.py

@@ -0,0 +1,16 @@
+from flask_wtf.csrf import CSRFProtect
+
+# Single global instance of CSRFProtect
+csrf = CSRFProtect()
+
+def init_csrf(app):
+    """Initialize CSRF protection with proper configuration"""
+    # Ensure cookies work in Docker environment
+    app.config['WTF_CSRF_ENABLED'] = True
+    app.config['WTF_CSRF_TIME_LIMIT'] = 3600  # 1 hour
+    app.config['SESSION_COOKIE_SECURE'] = False  # Set to True if using HTTPS
+    app.config['SESSION_COOKIE_HTTPONLY'] = True
+    app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
+    
+    # Initialize CSRF protection
+    csrf.init_app(app) 

app/core/extensions.py

@@ -4,7 +4,7 @@ from flask_login import LoginManager
 from flask_bcrypt import Bcrypt
 from flask_limiter import Limiter
 from flask_limiter.util import get_remote_address
-from flask_wtf.csrf import CSRFProtect
+from app.core.csrf_utils import csrf  # Import from centralized location
 
 # Initialize extensions
 db = SQLAlchemy()
@@ -15,7 +15,7 @@ login_manager.login_message = "Please log in to access this page."
 login_manager.login_message_category = "info"
 
 bcrypt = Bcrypt()
-csrf = CSRFProtect()
+# csrf is now imported from csrf_utils, not defined here
 limiter = Limiter(
     key_func=get_remote_address, default_limits=["200 per day", "50 per hour"]
 )