diff --git a/__pycache__/app.cpython-313.pyc b/__pycache__/app.cpython-313.pyc index 035c71e..f57e526 100644 Binary files a/__pycache__/app.cpython-313.pyc and b/__pycache__/app.cpython-313.pyc differ diff --git a/app.py b/app.py index 18bf024..b715181 100644 --- a/app.py +++ b/app.py @@ -9,7 +9,6 @@ from flask_sqlalchemy import SQLAlchemy from werkzeug.security import generate_password_hash, check_password_hash import json from enum import Enum -from flask_wtf import FlaskForm from wtforms import StringField, PasswordField, BooleanField, TextAreaField, SelectField, HiddenField from wtforms.validators import DataRequired, Email, Length, EqualTo, ValidationError from functools import wraps @@ -47,7 +46,6 @@ app.config['SQLALCHEMY_DATABASE_URI'] = f'sqlite:///{db_path}' app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=365) # Langlebige Session für Dark Mode-Einstellung app.config['UPLOAD_FOLDER'] = os.getenv('UPLOAD_FOLDER', os.path.join(os.getcwd(), 'uploads')) -app.config['WTF_CSRF_ENABLED'] = False # OpenAI API-Konfiguration api_key = os.environ.get("OPENAI_API_KEY", "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") diff --git a/templates/edit_mindmap.html b/templates/edit_mindmap.html index 4c18072..e791329 100644 --- a/templates/edit_mindmap.html +++ b/templates/edit_mindmap.html @@ -335,7 +335,6 @@ const isPrivateInput = document.getElementById('is_private'); const mindmapId = "{{ mindmap.id }}"; // Sicherstellen, dass mindmap.id hier verfügbar ist - const csrfToken = "{{ csrf_token() }}"; const data = { name: nameInput.value, @@ -351,8 +350,7 @@ const response = await fetch(`/api/mindmaps/${mindmapId}`, { method: 'PUT', headers: { - 'Content-Type': 'application/json', - 'X-CSRFToken': csrfToken + 'Content-Type': 'application/json' }, body: JSON.stringify(data) }); 
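Review bot: The `wtforms` field and validator imports on the two lines after the removed `from flask_wtf import FlaskForm` stay in place, so any form class later in app.py that still derives from `FlaskForm` would fail with a NameError at import time. The rest of the file is not visible in this hunk. If no form classes remain, the two `wtforms` imports are dead and can be removed in the same commit; otherwise the `FlaskForm` import has to stay.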
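Review bot: The default passed to `os.environ.get("OPENAI_API_KEY", ...)` in the last context line of this hunk is a literal service-account key, so the credential sits in the repository and its history whether or not the environment variable is set. Treat it as exposed: revoke it at the provider and read the value from the environment only, `api_key = os.environ.get("OPENAI_API_KEY")`, with the OpenAI features disabled or startup failing when it is missing. Separately, deleting `app.config['WTF_CSRF_ENABLED'] = False` only changes behaviour if Flask-WTF's CSRF protection is initialised somewhere outside this hunk. That is worth confirming, because the templates stop sending the token in the same commit.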
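Review bot: With `csrfToken` and the `'X-CSRFToken'` header removed, the PUT to `/api/mindmaps/${mindmapId}` is authorised by the session cookie alone, and app.py configures a 365-day permanent session lifetime. The same removal is made in the debounced PUT further down this template and in the DELETE and POST calls in templates/my_account.html. Unless another cross-site defence exists outside this diff (a `SameSite` session cookie, an Origin check on the API), the state-changing calls should keep `'X-CSRFToken': csrfToken` and the server should validate it, for example through Flask-WTF's `CSRFProtect`. Dropping the header from the GET that loads the map is fine.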
@@ -389,7 +387,6 @@ // Die Metadaten (Name, Beschreibung, is_private) werden separat über das Formular oben gespeichert. // Diese onChange Funktion kümmert sich nur um die Strukturdaten (Knoten/Kanten). const mindmapId = "{{ mindmap.id }}"; - const csrfToken = "{{ csrf_token() }}"; // Debounce-Funktion, um API-Aufrufe zu limitieren let debounceTimer; @@ -406,8 +403,7 @@ fetch(`/api/mindmaps/${mindmapId}`, { // Endpunkt angepasst method: 'PUT', // Methode zu PUT geändert headers: { - 'Content-Type': 'application/json', - 'X-CSRFToken': csrfToken + 'Content-Type': 'application/json' }, body: JSON.stringify(payload) // Sende die Mindmap-Daten als { data: ... } }).then(response => { @@ -455,14 +451,12 @@ mindmap.initialize().then(() => { console.log("Mindmap-Editor initialisiert"); const mindmapId = "{{ mindmap.id }}"; - const csrfToken = "{{ csrf_token() }}"; // Lade existierende Daten für die Mindmap-Struktur fetch(`/api/mindmaps/${mindmapId}`, { // Endpunkt für GET angepasst method: 'GET', headers: { - 'Accept': 'application/json', - 'X-CSRFToken': csrfToken + 'Accept': 'application/json' } }) .then(response => { diff --git a/templates/my_account.html b/templates/my_account.html index 5df65a6..1b2c49a 100644 --- a/templates/my_account.html +++ b/templates/my_account.html @@ -326,11 +326,10 @@ const mindmapId = event.currentTarget.dataset.mindmapId; if (confirm('Bist du sicher, dass du diese Mindmap löschen möchtest?')) { try { - const csrfToken = "{{ csrf_token() }}"; // CSRF Token holen const response = await fetch(`/api/mindmaps/${mindmapId}`, { method: 'DELETE', headers: { - 'X-CSRFToken': csrfToken // CSRF Token im Header senden + 'Content-Type': 'application/json' } }); if (!response.ok) { 
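Review bot: The `'Content-Type': 'application/json'` header added to the DELETE in templates/my_account.html describes a body the request never sends, and it does not take over what the removed `'X-CSRFToken'` header did. Either drop the `headers` object here or keep the token, `headers: { 'X-CSRFToken': csrfToken }`, so that deleting a mindmap still requires a value a third-party page cannot supply. The click handler starts and ends outside the hunk.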
@@ -359,12 +358,10 @@ } try { - const csrfToken = "{{ csrf_token() }}"; // CSRF Token holen const response = await fetch('/api/mindmaps', { method: 'POST', headers: { - 'Content-Type': 'application/json', - 'X-CSRFToken': csrfToken // CSRF Token im Header senden + 'Content-Type': 'application/json' }, body: JSON.stringify({ name, description, is_private: false }), // is_private standardmäßig auf false setzen });
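Review bot: Creating a mindmap is a POST, the one method among the changed calls that an ordinary HTML form on another site can also issue, so once the token is gone the remaining barrier is the server insisting on a JSON content type. The handler for `/api/mindmaps` is not part of this diff. Confirm that it rejects bodies not declared as `application/json` (no `request.get_json(force=True)`), or keep `'X-CSRFToken': csrfToken` in the headers of this call.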