Disable anti-csrf on the login form

The rationale is that the attacker doesn't have the password...
and that doing it this way we avoid creating useless sessions
master
Florent Daigniere 4 years ago
parent 481cb67392
commit 64d757582d

@ -46,6 +46,8 @@ class ConfirmationForm(flask_wtf.FlaskForm):
class LoginForm(flask_wtf.FlaskForm): class LoginForm(flask_wtf.FlaskForm):
class Meta:
csrf = False
email = fields.StringField(_('E-mail'), [validators.Email()]) email = fields.StringField(_('E-mail'), [validators.Email()])
pw = fields.PasswordField(_('Password'), [validators.DataRequired()]) pw = fields.PasswordField(_('Password'), [validators.DataRequired()])
submit = fields.SubmitField(_('Sign in')) submit = fields.SubmitField(_('Sign in'))
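Review bot: Setting `csrf = False` in `LoginForm.Meta` leaves the login POST open to login CSRF, where a cross-site request signs the victim's browser into an account the submitter controls. The stated rationale (the attacker does not have the password) only covers the victim's own account. If the goal is to avoid creating sessions before authentication, the login view (not visible in this hunk) would need a compensating control, such as an Origin/Referer check on the POST or a cookie-bound token that needs no server-side session. The opt-out should also carry its reasoning in the code, e.g. `# CSRF token disabled to avoid pre-auth sessions; login CSRF is handled by <control in the login view>` above `csrf = False`. The rest of `LoginForm` may continue past the end of the hunk.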
