Fix CSRF Token error in Flamenco Link Manager
ClosedPublic
Actions

Authored by Sybren A. Stüvel (sybren) on Feb 22 2021, 6:46 PM.

Details

Reviewers

Sam Miller (samuelmiller)

Commits

rF5e23288c0ab6: Fix CSRF Token error in Flamenco Link Manager

Summary

There can be a CSRF Token error when linking a self-hosted Flamenco Server (Blender Cloud/Blender ID) with a Flamenco Manager. This insertion will pass the CSRF Token so that the Manager and Server can be linked.

Diff Detail

Repository: rF Flamenco

Event Timeline

Sam Miller (samuelmiller) requested review of this revision.Feb 22 2021, 6:46 PM

Sam Miller (samuelmiller) created this revision.

Sam Miller (samuelmiller) edited the summary of this revision. (Show Details)Feb 23 2021, 2:16 PM

Sam Miller (samuelmiller) edited the summary of this revision. (Show Details)

Thanks for the patch!

I was unable to create a diff inside the Flamenco repository. The file that this belongs to is:
flamenco/flamenco/templates/flamenco/managers/linking/choose_manager.html

This is because that file is generated from PUG files, and is not tracked by Git. I can translate it though:

diff --git a/src/templates/flamenco/managers/linking/choose_manager.pug b/src/templates/flamenco/managers/linking/choose_manager.pug
index 1a81c5d8..ada015fd 100644
--- a/src/templates/flamenco/managers/linking/choose_manager.pug
+++ b/src/templates/flamenco/managers/linking/choose_manager.pug
@@ -3,6 +3,7 @@
 
 .box
     form(onsubmit="return linkManager(this)",method='POST')
+        input(type='hidden',name='csrf_token',value='{{ csrf_token() }}')
         | {% if not managers %}
         p You have no Manager registered at Flamenco Server. Provide a name for your new Manager.
         | {% else %}

This revision is now accepted and ready to land.Mar 5 2021, 11:26 AM

Sybren A. Stüvel (sybren) commandeered this revision.Mar 5 2021, 11:27 AM

Sybren A. Stüvel (sybren) edited reviewers, added: Sam Miller (samuelmiller); removed: Sybren A. Stüvel (sybren).

This revision now requires review to proceed.Mar 5 2021, 11:27 AM