From a16071d2f670996e379bf1780eecac2dcce0dd58 Mon Sep 17 00:00:00 2001
From: Lee Watson <rev@revthefox.co.uk>
Date: Tue, 2 Jul 2019 20:58:05 +0100
Subject: [PATCH] Don't use deprecated CSRF methods.

---
 app/forms/api.py   | 3 +++
 app/models/file.py | 7 ++++++-
 app/views/api.py   | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/forms/api.py b/app/forms/api.py
index b6ffc03..4d6315b 100644
--- a/app/forms/api.py
+++ b/app/forms/api.py
@@ -20,3 +20,6 @@
 
 class UploadForm(FlaskForm):
     file = FileField(validators=[FileRequired()])
+
+    class Meta:
+        csrf = False
diff --git a/app/models/file.py b/app/models/file.py
index 7f8752e..b0e799b 100644
--- a/app/models/file.py
+++ b/app/models/file.py
@@ -14,7 +14,9 @@
 #  along with pste.  If not, see <https://www.gnu.org/licenses/>.
 
 import os
+from pathlib import Path
 
+from flask import current_app as app
 from sqlalchemy import func, event
 
 from app import db
@@ -37,7 +39,10 @@ def path(self):
         return f'{self.user.storage_directory()}/{self.slug}'
 
     def response_mimetype(self):
-        # TODO: Implement sending of certain file types as text/plain.
+        extension = Path(self.path()).suffix
+        if extension and extension.lstrip('.') in app.config['PLAINTEXT_TYPES']:
+            return 'text/plain'
+
         return self.server_mimetype
 
 
diff --git a/app/views/api.py b/app/views/api.py
index 03a4c15..5b5d18f 100644
--- a/app/views/api.py
+++ b/app/views/api.py
@@ -33,7 +33,7 @@
 @login_required
 @csrf.exempt
 def upload():
-    form = UploadForm(request.files, csrf_enabled=False)
+    form = UploadForm(request.files)
     if not form.validate_on_submit():
         return jsonify({'errors': form.errors})