wagtail / wagtail-ai

Get help with your Wagtail content using AI superpowers.

https://wagtail-ai.readthedocs.io/latest

Add CSRF protection to text completions API endpoint

mgax opened this issue 6 months ago · comments

Alex Morega commented 6 months ago

The API endpoint for text completions is currently not using CSRF protection:

wagtail-ai/src/wagtail_ai/views.py

Line 77 in ded87e6

@csrf_exempt

It's fairly straightforward to include the token in the API call:

https://github.com/wagtail/wagtail-ai/pull/81/files#diff-a54e4250449e59423b6df434377d2b3bcb0266e26e5e7935d6b2bcbfd4d77291R9-R13
https://github.com/wagtail/wagtail-ai/pull/81/files#diff-a54e4250449e59423b6df434377d2b3bcb0266e26e5e7935d6b2bcbfd4d77291R37