Fix XSS, CSRF, input validation, and related security issues

2026-04-14 16:00:50 -05:00
parent e0f04ea971
commit 270acc0430
7 changed files with 86 additions and 33 deletions
@@ -15,6 +15,7 @@ def app():
        SECRET_KEY = "test-secret"
        SQLALCHEMY_TRACK_MODIFICATIONS = False
        TESTING = True
+        WTF_CSRF_ENABLED = False      # disable CSRF validation in tests
        HOMEASSISTANT_URL = None      # prevent HA poller from starting in tests
        HOMEASSISTANT_API_KEY = None

@@ -33,6 +33,7 @@ def ha_app():
        SECRET_KEY = "test-secret"
        SQLALCHEMY_TRACK_MODIFICATIONS = False
        TESTING = True
+        WTF_CSRF_ENABLED = False      # disable CSRF validation in tests
        HOMEASSISTANT_URL = "http://ha.test:8123"
        HOMEASSISTANT_API_KEY = "fake-token"
        HOMEASSISTANT_POLL_INTERVAL = 300