Héllo,

I'm looking for some help to protect my ajax calls. I read up the example in the django documentation [0] but I'm kind of stuck and don't know how I can apply that in flask ?

Anybody experienced in solving this issue ?

Thanks in advance.

[0] http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
Hello Amirouche

Flask-WTF (http://pypi.python.org/pypi/Flask-WTF, http://packages.python.org/Flask-WTF/) includes csrf functionality, and more.

Mayowa
Aut viam inveniam aut faciam ...

On Mon, May 16, 2011 at 10:22 PM, Amirouche Boubekki <amirouche.boubekki@gmail.com> wrote:
> Héllo,
>
> I'm looking for some help to protect my ajax calls. I read up the example in the django documentation [0] but I'm kind of stuck and don't know how I can apply that in flask ?
>
> Anybody experienced in solving this issue ?
>
> Thanks in advance.
>
> [0] http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
Hello Mayowa,

I know about Flask-WTF and even Flask-csrf but I don't know how in the precise case of ajax submission I should use them.

abki

2011/5/17 Mayowa Akinyemi <mayowa@gmail.com>
> Hello Amirouche
>
> Flask-WTF (http://pypi.python.org/pypi/Flask-WTF, http://packages.python.org/Flask-WTF/) includes csrf functionality, and more.
>
> Mayowa
> Aut viam inveniam aut faciam ...
Abki,

Not sure I follow - but you submit the form the same as without Ajax, which means you must submit the CSRF input value as well as the other form values. No magic, submit all the form values and you should be fine.

Ross

On Tue, May 17, 2011 at 8:23 AM, Amirouche Boubekki <amirouche.boubekki@gmail.com> wrote:
> Hello Mayowa,
>
> I know about Flask-WTF and even Flask-csrf but I don't know how in the precise case of ajax submission I should use them.
>
> abki
2011/5/17 Ross Lawley <ross.lawley@gmail.com>
> Abki,
>
> Not sure I follow - but you submit the form the same as without Ajax, which means you must submit the CSRF input value as well as the other form values. No magic, submit all the form values and you should be fine.
>
> Ross

Ross,

the thing is that the csrf token then should be invalid and I can not submit the form again. If then I have to return a new csrf token ?

it seems like it.

Abki.
On Tue, May 17, 2011 at 5:36 AM, Amirouche Boubekki <amirouche.boubekki@gmail.com> wrote:
> Ross,
>
> the thing is that the csrf token then should be invalid and I can not submit the form again. If then I have to return a new csrf token ?
>
> it seems like it.

You can generate the new token as part of the AJAX call and update the input[name=csrf] values as part of the callback. That's what I do anyway.

Ken
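
The approach Ken describes, as an added example (not code from the thread, from Ken, or from Flask-WTF): a plain Flask view keeps one token in the session, checks it on each AJAX POST, and returns a replacement in the JSON response for the callback to write into input[name=csrf]. The route names, the `csrf` session key and the `demo()` helper are assumptions made for illustration.

```python
import hmac
import re
import secrets

from flask import Flask, abort, jsonify, request, session

app = Flask(__name__)
app.secret_key = secrets.token_bytes(32)  # constructed here; a real app loads it from config


def issue_csrf_token():
    """Store a fresh random token in the session and return it."""
    token = secrets.token_urlsafe(32)
    session["csrf"] = token
    return token


@app.route("/form")  # hypothetical route
def form():
    # The hidden field the thread refers to as input[name=csrf].
    return '<form><input type="hidden" name="csrf" value="%s"></form>' % issue_csrf_token()


@app.route("/comment", methods=["POST"])  # hypothetical route
def comment():
    expected = session.get("csrf", "")
    submitted = request.form.get("csrf", "")
    # Constant-time comparison on bytes; an empty session token never matches.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        abort(400)
    # Rotate: the token just used is dead. The AJAX success callback copies
    # the "csrf" value from this JSON into the hidden input before the next submit.
    return jsonify(ok=True, csrf=issue_csrf_token())


def demo():
    """Submit, replay the used token, then submit with the rotated token."""
    client = app.test_client()  # keeps the session cookie between requests
    html = client.get("/form").get_data(as_text=True)
    first = re.search(r'name="csrf" value="([^"]+)"', html).group(1)
    r1 = client.post("/comment", data={"csrf": first, "body": "hi"})
    second = r1.get_json()["csrf"]
    r2 = client.post("/comment", data={"csrf": first, "body": "replay"})
    r3 = client.post("/comment", data={"csrf": second, "body": "again"})
    return [r1.status_code, r2.status_code, r3.status_code], first != second


if __name__ == "__main__":
    print(demo())
```

With a single token rotated on every use, two AJAX requests sent from the same page before either response arrives will race, and the second is rejected.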