Add CSRF protection to text completions API endpoint
mgax opened this issue · comments
Alex Morega commented
The API endpoint for text completions is currently not using CSRF protection:
wagtail-ai/src/wagtail_ai/views.py
Line 77 in ded87e6
It's fairly straightforward to include the token in the API call:
https://github.com/wagtail/wagtail-ai/pull/81/files#diff-a54e4250449e59423b6df434377d2b3bcb0266e26e5e7935d6b2bcbfd4d77291R9-R13
https://github.com/wagtail/wagtail-ai/pull/81/files#diff-a54e4250449e59423b6df434377d2b3bcb0266e26e5e7935d6b2bcbfd4d77291R37