From 29a6a762cbe8524c121b3b0d577a24072ea5a497 Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Sat, 22 Jun 2024 13:30:01 +0100
Subject: [PATCH] Remove CSRF token expiry
According to the OWASP, CSRF tokens don't need expiry times. They should be bound to the session.
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#employing-hmac-csrf-tokens
Fixes #437
---
 app/__init__.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/__init__.py b/app/__init__.py
index 2bffc1d2..d5f67b3b 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -75,6 +75,7 @@ app.config["FLATPAGES_EXTENSION"] = ".md"
 app.config["FLATPAGES_MARKDOWN_EXTENSIONS"] = MARKDOWN_EXTENSIONS
 app.config["FLATPAGES_EXTENSION_CONFIG"] = MARKDOWN_EXTENSION_CONFIG
 app.config["FLATPAGES_HTML_RENDERER"] = my_flatpage_renderer
+app.config["WTF_CSRF_TIME_LIMIT"] = None
 app.config["BABEL_TRANSLATION_DIRECTORIES"] = "../translations"
 app.config["LANGUAGES"] = {
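Review bot: The added `app.config["WTF_CSRF_TIME_LIMIT"] = None` line has no comment and sits at the end of the FLATPAGES_* group, where a security-relevant setting is easy to overlook; I would put `# CSRF tokens stay valid for the life of the session, no separate expiry (see #437)` above it. With the time limit removed, Flask-WTF bounds a token's validity only by the session it is stored in, so the session cookie's lifetime and whether the session is cleared on logout now decide how long a leaked token stays usable. Neither is visible in this hunk, so both are worth confirming. If a configuration file or environment is loaded into `app.config` after this line and also sets the key, that later value would presumably take effect instead.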