from flask_wtf.csrf import CSRFProtect
# One shared CSRFProtect object for the whole process. It is created unbound
# here and attached to the Flask application later, in init_csrf().
csrf = CSRFProtect()
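def init_csrf(app):
    """Configure CSRF and session-cookie settings, then bind CSRFProtect to *app*.

    Forces CSRF checking on with a one-hour token lifetime, and sets the
    session cookie to HttpOnly with SameSite=Lax. The Secure flag is left
    enabled when the application config already turned it on; otherwise it
    is set to False so the cookie is still sent over plain HTTP.

    Args:
        app: The Flask application whose ``config`` mapping is updated and
            which the module-level ``csrf`` extension is attached to.
    """
    app.config['WTF_CSRF_ENABLED'] = True
    app.config['WTF_CSRF_TIME_LIMIT'] = 3600  # token lifetime in seconds (1 hour)

    # Never downgrade a deployment that already requires HTTPS for the session
    # cookie. Only fall back to False (needed when the app is reached over
    # plain HTTP, e.g. the Docker setup this was written for) if Secure was
    # not enabled before this call.
    # NOTE(review): with Secure off the session cookie travels in cleartext;
    # set SESSION_COOKIE_SECURE = True in config wherever TLS terminates in
    # front of the app.
    if not app.config.get('SESSION_COOKIE_SECURE'):
        app.config['SESSION_COOKIE_SECURE'] = False

    # Keep the session cookie out of reach of page scripts and off
    # cross-site subrequests.
    app.config['SESSION_COOKIE_HTTPONLY'] = True
    app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'

    # Register the shared CSRFProtect instance with this application.
    csrf.init_app(app)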