Jenny B
Reputation: 189
Flask-WTF CSRFProtect gives "400 The CSRF Token is missing" error
I am trying to add CSRF token protection using Flask-WTF's CSRFProtect extension. The app isn't using WTForms except for this CSRF protection.
I followed the docs but I get "400 Bad Request The CSRF token is missing".
from flask_wtf.csrf import CSRFProtect
csrf = CSRFProtect(app)
I put the following in the templates (with form or without a form) but I get the same error.
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>
Upvotes: 7
Views: 17865
Answers (1)
turdus-merula
Reputation: 8854
As described in this answer, inspect the actual CSFR validation flow:
You can debug the validation in
flask_wtf/csrf.pyfile, in thevalidate_csrf()function.
For me, the issue was caused by a recent update of Flask and Flask-WTF. I solved it by removing all the .pyc files in the project. However, I don't know the actual root cause in my case.
find . -name '*.pyc' -delete
Later edit:
- update to latest versions of Flask, Flask-WTF;
- on your development environment, if using HTTP instead of HTTPS, make sure
SESSION_COOKIE_SECUREis not set toTrue. See this.
Upvotes: 7
Related Questions
- Flask-WTF: CSRF token missing
- CSRF Token Error when using gunicorn and Flask
- Bad Request | CSRF Token Not Found | CSRF Handling for Flask WTF
- Flask_form : CSRF Token do not match
- The CSRF token is missing - Flask WTForms Python
- How to fix "The CSRF token is missing" in Flask-WTForms
- Flask-WTF throws error when csrf_enabled is True (SECRET_KEY is set)
- Flask-WTF CSRF token is missing
- Flask-WTF CSRF token error when on Docker
- CSRF Token Missing Python Flask