
Flask form validation – CSRF token middleware

I have an HTML form, and I would like to ensure that all submissions come from my website. I think I have seen people using a key for this (I believe this happens in Django?), and might have some ideas on how to go with that. Is there any standard way to do this in Flask?

Edit: Now I know I’m talking about CSRF token middleware. Again, is there any standard way of doing this in Flask? How can I store the key on the server side?


Answer

In Flask you can do CSRF protection using Flask-SeaSurf. There are other methods also, but it is straightforward.

To start, just do pip install flask-seasurf and you are ready.

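# Application setup
from flask import Flask
from flask_seasurf import SeaSurf

app = Flask(__name__)
csrf = SeaSurf(app)  # registers CSRF validation for the app's views

<!-- Template: send the token back as a hidden form field -->
<form method="POST">
    ...
    <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
</form>

# Opting a single view out of validation
@csrf.exempt
@app.route('/exempt_view', methods=['POST'])
def exempt_view():
    '''This view is exempted from CSRF validation.'''
    return 'foobar'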

For more information you can visit the official website.

Please mark this as the answer if this solves your problem.

User contributions licensed under: CC BY-SA
6 people found this helpful
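
On the question of how the key is kept on the server: the sketch below is an added example, not code from the answer or from Flask-SeaSurf. It is a standard-library WSGI middleware that stores only one secret key and derives each form token from it and a random cookie value. The names `CsrfMiddleware`, `csrf_nonce` and `csrf.token` are hypothetical; `_csrf_token` is the field name used in the answer's form.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from io import BytesIO
from urllib.parse import parse_qs

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


class CsrfMiddleware:
    """Hypothetical wrapper; with Flask: app.wsgi_app = CsrfMiddleware(app.wsgi_app, key)."""

    def __init__(self, app, secret_key, field="_csrf_token", cookie="csrf_nonce"):
        self.app, self.key, self.field, self.cookie = app, secret_key, field, cookie

    def token_for(self, nonce):
        # Nothing per-user is stored server-side: the token is recomputed from the
        # secret key (bytes) and the nonce the browser holds in its cookie.
        return hmac.new(self.key, nonce.encode(), hashlib.sha256).hexdigest()

    def __call__(self, environ, start_response):
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        nonce = jar[self.cookie].value if self.cookie in jar else ""
        if environ["REQUEST_METHOD"] not in SAFE_METHODS:
            size = int(environ.get("CONTENT_LENGTH") or 0)
            body = environ["wsgi.input"].read(size)
            environ["wsgi.input"] = BytesIO(body)  # let the wrapped app re-read the form
            # Assumption: urlencoded forms only; multipart bodies are not parsed here.
            sent = parse_qs(body.decode("utf-8", "replace")).get(self.field, [""])[0]
            expected = self.token_for(nonce)
            if not nonce or not hmac.compare_digest(sent.encode(), expected.encode()):
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"CSRF token missing or invalid"]
        fresh = not nonce
        nonce = nonce or secrets.token_urlsafe(32)
        # A view reads this (request.environ["csrf.token"] in Flask) for the hidden field.
        environ["csrf.token"] = self.token_for(nonce)

        def respond(status, headers, exc_info=None):
            if fresh:
                cookie = f"{self.cookie}={nonce}; HttpOnly; SameSite=Lax; Path=/"
                headers = list(headers) + [("Set-Cookie", cookie)]
            return start_response(status, headers, exc_info)

        return self.app(environ, respond)
```

The cookie here is a per-browser nonce rather than a login session; feeding the authenticated session identifier into the HMAC instead is the stricter variant of the same check.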