Merge pull request #28 from rcthomas/add-xsrf

Add xsrf

jupyterhub_announcement/announcement.py

@@ -149,6 +149,7 @@ def initialize(self, argv=None):
  "static_path": os.path.join(self.data_files_path, "static"),
  "static_url_prefix": url_path_join(self.service_prefix, "static/"),
  "log": self.log,
+ "xsrf_cookies": True,
  }
 
  self.app = web.Application(

jupyterhub_announcement/handlers.py

@@ -46,6 +46,7 @@ def get(self):
  base_url=prefix,
  no_spawner_check=True,
  parsed_scopes=user.get("hub_scopes") or [],
+ xsrf_form_html=self.xsrf_form_html,
  )
  )
 

setup.py

@@ -16,5 +16,5 @@
  name="jupyterhub-announcement",
  packages=["jupyterhub_announcement"],
  url="https://github.com/rcthomas/jupyterhub-announcement",
- version="1.0.0.dev",
+ version="0.9.2.dev",
 )

templates/index.html

@@ -15,6 +15,7 @@
  {% if user.admin %}
  <div class="row">
  <form action="/services/announcement/update" method="post" class="col-md-offset-3 col-md-6">
+ {{ xsrf_form_html() | safe }}
  <div class="form-group">
  <label for="announcement">Announcement</label>
  <textarea class="form-control" id="announcement" name="announcement" rows="2" placeholder="Announcement text..."></textarea>