How do I get the CSRF token from Flask-wtf without jinja?

Question

All the docs and examples I can find insert the token using "{{ csrf_token() }}". I can't do this because I'm working inside Vue templates (Which don't get parsed by jinja)

My index.html file is parsed by Jinja so I suspect a solution may involve this but I don't know where to start.

Edit: If I put it in index.html with

 {{ csrf_token() }}

it appears as expected but I'm not sure how to get this into my forms/axios requests

Attack68 · Accepted Answer

You will have a basic jinja template that loads the page using Vue.

In my particular case this is how I do it:

For Dynamic Content:

index.html

{% block content %}
  
  
{% endblock %}

{% block scripts %}
  
{% endblock %}

(note two methods are used here; an element attribute and JQuery. Actually I use the JQuery method more frequently since it is more flexible with JSON data)

index.js

import Vue from 'vue'
import Index from '@/components/Index.vue'

new Vue({
  render: function (h) {
    return h(Index, {
      props: {
        backendData: this.$el.attributes.backendData.value,
        backendCurrentUser: $('#vue-container').data('backend_current_user'),
      }
    })
  }
}).$mount('#vue-container')

index.Vue

and then use this inside templates/mixins:

  methods: {
    ajax_: function (url, action, formData, cb) {
      // eslint-disable-next-line
      formData.csrf_token = $CSRF_TOKEN || null

How do I get the CSRF token from Flask-wtf without jinja?

Answers (1)

For Dynamic Content:

index.html

index.js

index.Vue

For Static Content:

base.html or index.html headers

Related Questions