From b758a92005bb4f2c5eb7c6f6145c3a64f71aed0e Mon Sep 17 00:00:00 2001
From: Tobias Bieniek
Date: Tue, 25 Oct 2016 21:42:15 +0200
Subject: [PATCH] views/upload: Remove unnecessary CSRF token code

This was only used while doing cookie-based auth
---
 ember/app/components/upload-flight-form.js | 3 ---
 skylines/frontend/views/upload.py | 10 ----------
 2 files changed, 13 deletions(-)

diff --git a/ember/app/components/upload-flight-form.js b/ember/app/components/upload-flight-form.js
index e35a636ac7..5800bcf58f 100644
--- a/ember/app/components/upload-flight-form.js
+++ b/ember/app/components/upload-flight-form.js
@@ -44,9 +44,6 @@ export default Ember.Component.extend(Validations, {
 let data = new FormData(form);
 try {
- let csrfToken = yield this.get('ajax').request('/api/flights/upload/csrf').then(it => it.token);
- data.append('csrfToken', csrfToken);
-
 let json = yield this.get('ajax').request('/api/flights/upload/', { method: 'POST', data, contentType: false, processData: false });
 this.getWithDefault('onUpload', Ember.K)(json);
diff --git a/skylines/frontend/views/upload.py b/skylines/frontend/views/upload.py
index 7d8c690180..e9a21a957a 100644
--- a/skylines/frontend/views/upload.py
+++ b/skylines/frontend/views/upload.py
@@ -8,7 +8,6 @@ from collections import namedtuple
 from flask import Blueprint, request, current_app, abort, make_response, jsonify
-from flask_wtf.csrf import generate_csrf, validate_csrf
 from redis.exceptions import ConnectionError
 from sqlalchemy.sql.expression import func
@@ -148,12 +147,6 @@ def _encode_flight_path(fp, qnh):
 igc_start_time=fp[0].datetime, igc_end_time=fp[-1].datetime)
-@upload_blueprint.route('/flights/upload/csrf')
-@oauth.required()
-def csrf():
- return jsonify(token=generate_csrf())
-
-
 @upload_blueprint.route('/flights/upload', methods=('POST',), strict_slashes=False)
 @oauth.required()
 def index_post():
@@ -161,9 +154,6 @@ def index_post():
 form = request.form
- if not validate_csrf(form.get('csrfToken')):
- return jsonify(error='invalid-csrf-token'), 403
-
 if form.get('pilotId') == u'':
 form = form.copy()
 form.pop('pilotId')
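Review bot: With the token check gone, `index_post` is protected against cross-site requests only as long as `@oauth.required()` accepts nothing but an explicit bearer token and never falls back to a session cookie; the decorator is defined outside this diff, so that is an assumption worth confirming. I would record the invariant next to `form = request.form`, for example `# No CSRF token needed: oauth.required() only accepts Authorization-header tokens; restore CSRF validation if cookie auth is re-enabled.` The body of `index_post` continues beyond the hunk.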