Update flask csrf extent

1ed1589c · Stefy Lanza (nextime / spora ) · 419c9c29 · 1ed1589c
Commit 1ed1589c authored Sep 26, 2025 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

routes.py app/upload/routes.py +5 -4

No files found.
--- a/app/upload/routes.py
+++ b/app/upload/routes.py
@@ -5,7 +5,7 @@ import shutil
 from flask import request, jsonify, render_template, redirect, url_for, flash, current_app
 from flask_login import login_required, current_user
 from flask_jwt_extended import jwt_required, get_jwt_identity
-from flask_wtf import csrf_exempt
+from flask_wtf import CSRFProtect
 from werkzeug.utils import secure_filename
 from app.upload import bp
 from app import db
@@ -16,6 +16,7 @@ from app.utils.logging import log_file_operation, log_upload_progress
 from app.upload.forms import FixtureUploadForm, ZipUploadForm

 logger = logging.getLogger(__name__)
+csrf = CSRFProtect()

 @bp.route('/fixture', methods=['GET', 'POST'])
 @login_required
@@ -905,7 +906,7 @@ def upload_fixture_zip(fixture_id):
        return redirect(request.referrer or url_for('main.fixtures'))

 @bp.route('/chunk', methods=['POST'])
-@csrf_exempt
+@csrf.exempt
 @login_required
 @require_active_user
 def upload_chunk():
@@ -946,7 +947,7 @@ def upload_chunk():
        return jsonify({'success': False, 'error': str(e)}), 500

 @bp.route('/finalize', methods=['POST'])
-@csrf_exempt
+@csrf.exempt
 @login_required
 @require_active_user
 def finalize_upload():