fix: update scraper settings and modify scrape form to use POST method

web/app.py

@@ -272,12 +272,12 @@ def set_favorite(job_id):
         return jsonify({"status": "error", "message": str(e)}), 400
 
 
-# Exempt JSON favorite endpoint from CSRF (uses fetch without token). Consider
-# adding a token header client-side and removing this exemption later.
+# Exempt JSON favorite endpoint from CSRF (uses fetch without token).
+# TODO: add a token header client-side and remove this exemption
 csrf.exempt(set_favorite)
 
 
-@app.route('/scrape', methods=['GET'])
+@app.route('/scrape', methods=['POST'])
 def scrape():
     """Trigger the web scraping process with streaming output."""
     def generate():
@@ -290,6 +290,10 @@ def scrape():
     return Response(generate(), mimetype='text/plain')
 
 
+# TODO: add a token header client-side and remove this exemption
+csrf.exempt(scrape)
+
+
 @app.route('/scrape-page', methods=['GET'])
 def scrape_page():
     """Serve the scrape page with streaming output display."""
@@ -306,7 +310,7 @@ def login():
         if verify_user_credentials(username, password) or username:
             session['username'] = username
             flash('Logged in')
-            return redirect(url_for('admin_users'))
+            return redirect(url_for('index'))
         flash('Invalid credentials')
     return render_template('admin/login.html', title='Login')