Don't use deprecated CSRF methods.

TheReverend403 · Jul 2, 2019 · a16071d · a16071d
1 parent f855a6a
commit a16071d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/app/forms/api.py b/app/forms/api.py
@@ -20,3 +20,6 @@
 
 class UploadForm(FlaskForm):
  file = FileField(validators=[FileRequired()])
+
+ class Meta:
+ csrf = False
diff --git a/app/models/file.py b/app/models/file.py
@@ -14,7 +14,9 @@
 # along with pste. If not, see <https://www.gnu.org/licenses/>.
 
 import os
+from pathlib import Path
 
+from flask import current_app as app
 from sqlalchemy import func, event
 
 from app import db
@@ -37,7 +39,10 @@ def path(self):
  return f'{self.user.storage_directory()}/{self.slug}'
 
  def response_mimetype(self):
- # TODO: Implement sending of certain file types as text/plain.
+ extension = Path(self.path()).suffix
+ if extension and extension.lstrip('.') in app.config['PLAINTEXT_TYPES']:
+ return 'text/plain'
+
  return self.server_mimetype
 
 

diff --git a/app/views/api.py b/app/views/api.py
@@ -33,7 +33,7 @@
 @login_required
 @csrf.exempt
 def upload():
- form = UploadForm(request.files, csrf_enabled=False)
+ form = UploadForm(request.files)
  if not form.validate_on_submit():
  return jsonify({'errors': form.errors})