wip

app/core/csrf_utils.py

@@ -0,0 +1,16 @@
+from flask_wtf.csrf import CSRFProtect
+
+# Single global instance of CSRFProtect
+csrf = CSRFProtect()
+
+def init_csrf(app):
+    """Initialize CSRF protection with proper configuration"""
+    # Ensure cookies work in Docker environment
+    app.config['WTF_CSRF_ENABLED'] = True
+    app.config['WTF_CSRF_TIME_LIMIT'] = 3600  # 1 hour
+    app.config['SESSION_COOKIE_SECURE'] = False  # Set to True if using HTTPS
+    app.config['SESSION_COOKIE_HTTPONLY'] = True
+    app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
+    
+    # Initialize CSRF protection
+    csrf.init_app(app)