mirror of
https://github.com/Mailu/Mailu.git
synced 2025-03-05 14:55:20 +02:00
087841d5b7
The init script was pushing an application context, which maked flask.g global and persisted across requests. This was evaluated to have a minimal security impact. This explains/fixes #738: flask_wtf caches the csrf token in the application context to have a single token per request, and only sets the session attribute after the first generation.