Fixing CSRF issues and expanding trusted proxies to local network

2025-12-20 07:14:24 +01:00 · 2016-02-06 15:38:14 -05:00
parent c336ad6fd1
commit 1dcba3a264
4 changed files with 38 additions and 27 deletions
--- a/CTFd/views.py
+++ b/CTFd/views.py
@@ -17,27 +17,6 @@ import datetime
 views = Blueprint('views', __name__)


-@views.before_request
-def tracker():
-    if authed():
-        track = Tracking.query.filter_by(ip=ip2long(get_ip()), team=session['id']).first()
-        if not track:
-            visit = Tracking(ip=get_ip(), team=session['id'])
-            db.session.add(visit)
-            db.session.commit()
-        else:
-            track.date = datetime.datetime.utcnow()
-            db.session.commit()
-        db.session.close()
-
-
-@views.before_request
-def csrf():
-    if request.method == "POST":
-        if session['nonce'] != request.form.get('nonce'):
-            abort(403)
-
-
@views.before_request
 def redirect_setup():
    if request.path == "/static/css/style.css":