Flask quickstarter is not protected from CSRF by default

[michaelsauter]

A newly provisioned Flask quickstarter is immediately flagged by SonarQube:

Make sure disabling CSRF protection is safe here.

The recommended action is to change:

app = Flask(__name__)

to:

app = Flask(__name__)
csrf = CSRFProtect()
csrf.init_app(app)

@gerardcl @henrjk @buegelbeatz Do you see any issues doing that change?

[gerardcl]

LGTM! shouldn't affect current behaviour nor tests 👍

[gerardcl]

hi @michaelsauter ! could be that you tested this fix from here in the ods-pipeline? if that was successful I guess we can just promote it, right? do you want me to do that? everywhere?

[michaelsauter]

@gerardcl I tried, but I failed ... CSRFProtect needs to be imported I think but I did not investigatee further as it is quite irrelevant for the ods-pipeline project as there is is only used in the tests.

[gerardcl]

ok, will provide a fix for that then in ods-quickstarters so you can then import accordingly to ods-pipeline or I can do it too no prob 👍
next week though :)