pgadmin4: fix CSRF issue
Without the downgrade of flask-security-too to 5.4.1, pgadmin4 is unusable, because one cannot log in. Alternatively, one could disable CSRF altogether with the module. This would still make the desktop version unusable and impact security. Therefore flask-security-too is being downgraded.

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
parent c81c241415
commit 62faf6cddf
|
@ -26,7 +26,18 @@ let
|
|||
|
||||
# keep the scope, as it is used throughout the derivation and tests
|
||||
# this also makes potential future overrides easier
|
||||
pythonPackages = python3.pkgs.overrideScope (final: prev: rec { });
|
||||
pythonPackages = python3.pkgs.overrideScope (final: prev: rec {
|
||||
# Flask 5.4.3 introduces an CSRF error which makes it impossible to login
|
||||
# So either we downgrade flask here or use "WTF_CSRF_ENABLED = false" in the
|
||||
# module config to disable CSRF.
|
||||
flask-security-too = prev.flask-security-too.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "5.4.1";
|
||||
src = oldAttrs.src.override {
|
||||
inherit version;
|
||||
hash = "sha256-Ay7+gk+zuUlXtw0LDdsnvSa22z+yE6VR1guu9QmiFvw=";
|
||||
};
|
||||
});
|
||||
});
|
||||
|
||||
offlineCache = fetchYarnDeps {
|
||||
yarnLock = ./yarn.lock;
|
||||
|
|
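Review bot: The comment above the new override names the wrong package. It says "Flask 5.4.3 introduces an CSRF error" and "either we downgrade flask here", but the attribute being pinned is `flask-security-too` (to `version = "5.4.1"`), which matches the commit message. Please reword the comment to name flask-security-too so that the next person bumping Flask does not assume this pin belongs to it. Since this holds an authentication and CSRF library at an older release, the comment should also say when the pin can be dropped, for example with a reference to the upstream report or the first release in which login works again. Otherwise the override is likely to outlive its reason and keep pgadmin4 on a version that misses later fixes. Minor: the outer `rec` in `overrideScope (final: prev: rec {` is not needed, because nothing in that set refers to a sibling attribute. The inner `rec` is needed for `inherit version;`.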