-
kaiyou authored
The init script was pushing an application context, which maked flask.g global and persisted across requests. This was evaluated to have a minimal security impact. This explains/fixes #738: flask_wtf caches the csrf token in the application context to have a single token per request, and only sets the session attribute after the first generation.
087841d5