diff --git a/app/blueprints/report/__init__.py b/app/blueprints/report/__init__.py index 6948c8f8..71327012 100644 --- a/app/blueprints/report/__init__.py +++ b/app/blueprints/report/__init__.py @@ -19,14 +19,13 @@ from flask_babel import lazy_gettext from flask_login import current_user from flask_wtf import FlaskForm from werkzeug.utils import redirect -from wtforms import TextAreaField, SubmitField, BooleanField -from wtforms.fields.html5 import URLField -from wtforms.validators import InputRequired, Optional, Length +from wtforms import TextAreaField, SubmitField +from wtforms.validators import InputRequired, Length from app.models import User, UserRank from app.tasks.emails import send_user_email from app.tasks.webhooktasks import post_discord_webhook -from app.utils import isYes, isNo, abs_url +from app.utils import isNo, abs_url_samesite bp = Blueprint("report", __name__) @@ -42,7 +41,7 @@ def report(): url = request.args.get("url") if url: - url = abs_url(url) + url = abs_url_samesite(url) form = ReportForm(formdata=request.form) if form.validate_on_submit(): diff --git a/app/utils/flask.py b/app/utils/flask.py index 48bb400d..3947591d 100644 --- a/app/utils/flask.py +++ b/app/utils/flask.py @@ -15,7 +15,7 @@ # along with this program. If not, see . -from urllib.parse import urljoin, urlparse +from urllib.parse import urljoin, urlparse, urlunparse import user_agents from flask import request, abort @@ -40,6 +40,10 @@ def abs_url_for(endpoint: str, **kwargs): def abs_url(path): return urljoin(app.config["BASE_URL"], path) +def abs_url_samesite(path): + base = urlparse(app.config["BASE_URL"]) + return urlunparse(base._replace(path=path)) + def url_current(abs=False): args = MultiDict(request.args) dargs = dict(args.lists())