Skip to content Skip to sidebar Skip to footer
Home / Csrf Protection / Flask / Flask Wtforms / Python / Wtforms

Generating A Csrf Token Manually With Flask Wtf-forms

Post a Comment
I'd like to create and fill out a Flask WTF-Form using only python code. However, the form doesn't automatically generate a CSRF token when I create it with python code. Is there

Solution 1:

You'd be effectively disabling CSRF protection by generating and passing a token to the form locally. It's only effective when the user submits a previously generated token.

Since you're not using CSRF protection, disable it. You can also pass request.args as the source of data.

form = URLForm(request.args, csrf_enabled=False)

If you want to use CSRF for this form, then the form needs to send the csrf_token field, which can be rendered with {{ form.csrf_token }} or {{ form.hidden_tag() }}.

Solution 2:

In newest version of flask_wtf (0.14.2) you can disable csrf token in this way.

form = URLForm(request.args, meta={'csrf': False})

You may like these posts

Post a Comment for "Generating A Csrf Token Manually With Flask Wtf-forms"