skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

caching: fix CSRF

Browse source 
this removes the ability to do a GET to dump the internal cache but i've added a button to the admin panel that makes it so you can do it
This commit is contained in:
justcool393 2022-11-02 20:46:51 -05:00 committed by Ben Rog-Wilhelm
parent 387f5e4f62
commit 7970b17574
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
files/routes/admin.py
View file

@ -1531,7 +1531,7 @@ def admin_distinguish_comment(c_id, v):
if comment.distinguish_level: return {"message": "Comment distinguished!"}
else: return {"message": "Comment undistinguished!"}
@app.get("/admin/dump_cache")
@app.post("/admin/dump_cache")
@limiter.exempt
@admin_level_required(2)
def admin_dump_cache(v):

3
files/templates/admin/admin_home.html
View file

@ -110,7 +110,8 @@
<label for="min_age">Minimum Account Age (days)</label>
</div>
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');">PURGE CACHE</button>
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');">PURGE CDN CACHE</button>
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/dump_cache');">DUMP INTERNAL CACHE</button>
{% endif %}
{% endblock %}