Fix the way we handle the application context

The init script was pushing an application context, which made
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
master
kaiyou 6 years ago
parent b5f51b0e2e
commit 087841d5b7

@ -8,7 +8,6 @@ def create_app_from_config(config):
""" Create a new application based on the given configuration
"""
app = flask.Flask(__name__)
app.app_context().push()
app.cli.add_command(manage.mailu)
# Bootstrap is used for basic JS and CSS loading
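Review bot: With the `app.app_context().push()` line gone from create_app_from_config, nothing in this hunk guards setup code that still expects an active context; any later initialisation in this function that reads flask.current_app or flask.g will now raise outside a request. If such code exists, scope it explicitly with `with app.app_context():` so the context is popped again instead of living for the lifetime of the process. A regression test asserting that a value stored on flask.g during one request is absent in the next would pin down the behaviour the commit message describes.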

@ -9,7 +9,7 @@ import base64
@internal.route("/auth/email")
@utils.limiter.limit(
app.config["AUTH_RATELIMIT"],
lambda: app.config["AUTH_RATELIMIT"],
lambda: flask.request.headers["Client-Ip"]
)
def nginx_authentication():
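Review bot: The switch from `app.config["AUTH_RATELIMIT"]` to `lambda: app.config["AUTH_RATELIMIT"]` in the limiter decorator carries no comment saying why the limit has to be a callable; a one-line comment that the value is now read when the limit is evaluated rather than when the module is imported would keep someone from simplifying it back. Separately, the key function indexes `flask.request.headers["Client-Ip"]` directly, so a request without that header fails inside the key function before the view runs; if this route can be reached by anything other than the front proxy, consider `.get("Client-Ip")` with an explicit fallback or rejection.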
