Reputation: 99
"CSRF token missing" when using curl with a Flask app
I am trying to submit a form on a Flask app using curl. Unfortunately, I keep running into the "CSRF token missing" error.
I tried:
curl -X POST --form csrf_token=token --form [email protected] --form submit=submit {url} -v
I used a csrf_token from the app while I had it open in a browser. I also looked at https://flask-wtf.readthedocs.org/en/latest/csrf.html and tried to set X-CSRFToken in the header but still got the same error. Any suggestions for what is the correct way to use curl to feed the token to the flask app?
Upvotes: 0
Views: 3120
Answers (1)
Reputation: 22071
The problem is that you just sending token and flask cannot get your session which lives in browser cookie. So if you wish to access your view via curl it's not enough to pass token value within POST request, you have to attach cookie to. You can write cookie to local file with command:
curl -c /path/to/cookiefile {url}
Then modify it and send POST request to your server with attached cookie and token:
curl -b /path/to/cookiefile -X POST --form csrf_token=token --form [email protected] --form submit=submit {url} -v
Upvotes: 3
Related Questions
- performing HTTP requests with cURL (using PROXY)
- Flask-WTF: CSRF token missing
- Getting only response header from HTTP POST using cURL
- Flask-Security: CSRF SESSION Token Missing in Angular Request
- How to send a header using a HTTP request through a cURL call?
- Using cURL with a username and password?
- How do I POST JSON data with cURL?
- How do I measure request and response times at once using cURL?
- How to display request headers with command line curl