From ec9a36e0dd01819dd6e28e86302f256b352c0535 Mon Sep 17 00:00:00 2001
From: Cliff Hill <clifford.hill@gsa.gov>
Date: Fri, 7 Jun 2024 15:09:28 -0400
Subject: [PATCH] Activating CSRF for staging/demo/dev environments.

Signed-off-by: Cliff Hill <clifford.hill@gsa.gov>
---
 app/config.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/config.py b/app/config.py
index 77138ca16..8922506f1 100644
--- a/app/config.py
+++ b/app/config.py
@@ -118,7 +118,7 @@ class Development(Config):
 
 class Test(Development):
     TESTING = True
-    WTF_CSRF_ENABLED = False
+    WTF_CSRF_ENABLED = True
     ASSET_DOMAIN = "static.example.com"
     ASSET_PATH = "https://static.example.com/"
 
@@ -164,7 +164,7 @@ class E2ETest(Staging):
 
     # Borrowed from test environment
     TESTING = True
-    WTF_CSRF_ENABLED = False
+    WTF_CSRF_ENABLED = True
 
     # buckets - mirror staging
     CSV_UPLOAD_BUCKET = cloud_config.s3_credentials(