Fix CSRF by importing global csrf object from app instead of local CSRFProtect

b19fc3ac · Stefy Lanza (nextime / spora ) · 1ed1589c · b19fc3ac
Commit b19fc3ac authored Sep 26, 2025 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 3 deletions

routes.py app/upload/routes.py +1 -3

No files found.
--- a/app/upload/routes.py
+++ b/app/upload/routes.py
@@ -5,10 +5,9 @@ import shutil
 from flask import request, jsonify, render_template, redirect, url_for, flash, current_app
 from flask_login import login_required, current_user
 from flask_jwt_extended import jwt_required, get_jwt_identity
-from flask_wtf import CSRFProtect
 from werkzeug.utils import secure_filename
 from app.upload import bp
-from app import db
+from app import db, csrf
 from app.upload.file_handler import get_file_upload_handler
 from app.upload.fixture_parser import get_fixture_parser
 from app.utils.security import require_active_user, validate_file_type, hash_file_content
@@ -16,7 +15,6 @@ from app.utils.logging import log_file_operation, log_upload_progress
 from app.upload.forms import FixtureUploadForm, ZipUploadForm
 logger = logging.getLogger(__name__)
-csrf = CSRFProtect()
 @bp.route('/fixture', methods=['GET', 'POST'])
 @login_required