"feat: Implement CSRF documentation update in backend/app/CSRF_FIX_DOCUMENTATION.md"
This commit is contained in:
parent
3aa05195c0
commit
8e8da1bb07
1
backend/app/CSRF_FIX_DOCUMENTATION.md
Normal file
1
backend/app/CSRF_FIX_DOCUMENTATION.md
Normal file
@ -0,0 +1 @@
|
|||||||
|
|
@ -51,6 +51,22 @@ app.config["WTF_CSRF_ENABLED"] = True
|
|||||||
csrf = CSRFProtect(app)
|
csrf = CSRFProtect(app)
|
||||||
|
|
||||||
# CSRF-Error-Handler
|
# CSRF-Error-Handler
|
||||||
|
@csrf.error_handler
|
||||||
|
def csrf_error(reason):
|
||||||
|
"""Behandelt CSRF-Fehler und gibt detaillierte Informationen zurück."""
|
||||||
|
app_logger.error(f"CSRF-Fehler für {request.path}: {reason}")
|
||||||
|
|
||||||
|
if request.path.startswith('/api/'):
|
||||||
|
# Für API-Anfragen: JSON-Response
|
||||||
|
return jsonify({
|
||||||
|
"error": "CSRF-Token fehlt oder ungültig",
|
||||||
|
"reason": str(reason),
|
||||||
|
"help": "Fügen Sie ein gültiges CSRF-Token zu Ihrer Anfrage hinzu"
|
||||||
|
}), 400
|
||||||
|
else:
|
||||||
|
# Für normale Anfragen: Weiterleitung zur Fehlerseite
|
||||||
|
flash("Sicherheitsfehler: Anfrage wurde abgelehnt. Bitte versuchen Sie es erneut.", "error")
|
||||||
|
return redirect(request.url)
|
||||||
|
|
||||||
# Blueprints registrieren
|
# Blueprints registrieren
|
||||||
app.register_blueprint(guest_blueprint)
|
app.register_blueprint(guest_blueprint)
|
||||||
|
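Review bot: The non-API branch ends with `return redirect(request.url)`, which sends the browser back to the very URL whose request just failed the CSRF check; since that check fails on state-changing requests, the target is typically a POST-only route, so the follow-up GET can answer 405 or re-render a form that fails the same way. Redirect to a fixed, known-safe route instead, keeping the flash message, e.g. `return redirect(url_for("<landing-route>"))` (placeholder for the route the form lives on, assuming `url_for` is imported alongside `redirect`). The JSON branch echoes `str(reason)` to the caller; Flask-WTF's reason strings are short and generic, so this is acceptable as long as it stays that way and never includes token or session values. Depending on the pinned Flask-WTF version, `CSRFProtect.error_handler` may be deprecated or absent in favour of `@app.errorhandler(CSRFError)`, which is worth checking before relying on it. The `csrf_error` definition is fully inside the hunk.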
@ -435,11 +435,22 @@ document.addEventListener('DOMContentLoaded', function() {
|
|||||||
printer_id: formData.get('printer_id') ? parseInt(formData.get('printer_id')) : null
|
printer_id: formData.get('printer_id') ? parseInt(formData.get('printer_id')) : null
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// CSRF-Token aus Meta-Tag auslesen
|
||||||
|
const csrfToken = document.querySelector('meta[name="csrf-token"]')?.content;
|
||||||
|
|
||||||
|
const headers = {
|
||||||
|
'Content-Type': 'application/json',
|
||||||
|
'X-Requested-With': 'XMLHttpRequest'
|
||||||
|
};
|
||||||
|
|
||||||
|
// CSRF-Token hinzufügen, wenn vorhanden
|
||||||
|
if (csrfToken) {
|
||||||
|
headers['X-CSRFToken'] = csrfToken;
|
||||||
|
}
|
||||||
|
|
||||||
const response = await fetch('/api/guest/requests', {
|
const response = await fetch('/api/guest/requests', {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
headers: {
|
headers: headers,
|
||||||
'Content-Type': 'application/json',
|
|
||||||
},
|
|
||||||
body: JSON.stringify(data)
|
body: JSON.stringify(data)
|
||||||
});
|
});
|
||||||
|
|
||||||
|
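Review bot: `headers` is declared with `const` and then mutated inside `if (csrfToken)`, and the fetch call passes it longhand as `headers: headers,`; building the object in a single literal avoids the mutation and reads as one unit, e.g. `...(csrfToken ? { 'X-CSRFToken': csrfToken } : {}),` as the last entry of the literal and `headers,` in the fetch options. When the `meta[name="csrf-token"]` tag is missing, `csrfToken` is `undefined` and the request is still sent, to be rejected server-side with the 400 JSON response this commit adds; a short comment such as `// No token in the page: the request is still sent and the server answers 400` would make that expected path explicit to the next reader. The `X-CSRFToken` header name is one of Flask-WTF's default `WTF_CSRF_HEADERS`, so no server-side configuration change is needed. The enclosing submit handler starts and ends outside the hunk.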