Diffstat (limited to 'src/octoprint/server/util/csrf.py')
-rw-r--r-- | src/octoprint/server/util/csrf.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/octoprint/server/util/csrf.py b/src/octoprint/server/util/csrf.py
index 74821440a..aaa7b133b 100644
--- a/src/octoprint/server/util/csrf.py
+++ b/src/octoprint/server/util/csrf.py
@@ -77,8 +77,9 @@ def validate_csrf_request(request):
 # Irrelevant method for CSRF, bypass
 return
- if getattr(flask.g, "login_via_apikey", False):
- # API key authorization, bypass
+ session = getattr(flask, "session", {})
+ if len(session) == 0 or session.get("login_mechanism") == "apikey":
+ # empty session, not a browser context
 return
 if is_exempt(request.endpoint): |
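Review bot: The new bypass at `if len(session) == 0 or session.get("login_mechanism") == "apikey":` skips CSRF validation based on session contents, which is only safe if every browser-reachable login path writes to the session and none of them records `"apikey"` as its mechanism; the hunk does not show where `login_mechanism` is set, so that should be confirmed. If the server can also authenticate a request from credentials the browser attaches on its own without populating the session (HTTP Basic auth, a proxy-supplied user header), an empty session would still be a browser context and the early `return` would leave those requests unchecked. The comment describes only the first condition; I would write `# empty session, or login came from an API key rather than a browser login` and state the invariant in the function's docstring. Separately, `getattr(flask, "session", {})` never falls back to its default, since `flask.session` is always a module attribute, so reading `flask.session` directly would be clearer. `validate_csrf_request` starts before and continues after this hunk.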