Add abs_url_samesite

app/blueprints/report/__init__.py

@@ -19,14 +19,13 @@ from flask_babel import lazy_gettext
 from flask_login import current_user
 from flask_wtf import FlaskForm
 from werkzeug.utils import redirect
-from wtforms import TextAreaField, SubmitField, BooleanField
-from wtforms.fields.html5 import URLField
-from wtforms.validators import InputRequired, Optional, Length
+from wtforms import TextAreaField, SubmitField
+from wtforms.validators import InputRequired, Length
 
 from app.models import User, UserRank
 from app.tasks.emails import send_user_email
 from app.tasks.webhooktasks import post_discord_webhook
-from app.utils import isYes, isNo, abs_url
+from app.utils import isNo, abs_url_samesite
 
 bp = Blueprint("report", __name__)
 
@@ -42,7 +41,7 @@ def report():
 
 	url = request.args.get("url")
 	if url:
-		url = abs_url(url)
+		url = abs_url_samesite(url)
 
 	form = ReportForm(formdata=request.form)
 	if form.validate_on_submit():

app/utils/flask.py

@@ -15,7 +15,7 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-from urllib.parse import urljoin, urlparse
+from urllib.parse import urljoin, urlparse, urlunparse
 
 import user_agents
 from flask import request, abort
@@ -40,6 +40,10 @@ def abs_url_for(endpoint: str, **kwargs):
 def abs_url(path):
 	return urljoin(app.config["BASE_URL"], path)
 
+def abs_url_samesite(path):
+	base = urlparse(app.config["BASE_URL"])
+	return urlunparse(base._replace(path=path))
+
 def url_current(abs=False):
 	args = MultiDict(request.args)
 	dargs = dict(args.lists())