Kari Fox

Reputation: 59

Best way to set up CSRF

I have a Flask application running as an API on the backend and a frontend written in basic HTML and jQuery (NOT as a Jinja template). I'm trying to figure out the best way to enable some CSRF protection on the application, but everything I'm finding specifically calls for using Flask-WTF with Jinja forms. I really don't want to rewrite the entire frontend with Jinja, so what is the best way to do this?

Upvotes: 1

Views: 77

Answers (1)

Moses N. Njenga

Reputation: 771

This here might be close to what you are looking for:

For views that don't use FlaskForm or that make AJAX requests, use the provided CSRF extension to protect those requests as well.

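from flask import Flask
from flask_wtf.csrf import CSRFProtect

app = Flask(__name__)  # the application object the extension attaches to
csrf = CSRFProtect(app)  # checks the CSRF token on POST/PUT/PATCH/DELETE by default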

Render a hidden input with the token in the HTML form.

<form method="post">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
</form>

Upvotes: 3
