I have a simple flask web app and I want to use flask_wtf csrf protection but whenever I try to run to submit the form I get an error saying I am missing the CSRF token.
Is it even possible to use csrf without wtf forms?
and if so what am I doing wrong?
my code:
app = Flask(__name__)
csrf = CSRFProtect(app)
@app.route("/reserve", methods=["GET", "POST"])
def reserve():
if request.method == "GET" :
return render_template("reserve.html", **context)
<form id="Reserve" action="/reserve" method="post">
<!-- csrf protection -->
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<input type="text" placeholder="Name">
<button type="submit">
Submit
</button>
</form>
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…