librelist archives

Can you use flask-wtf CSRF protection in flask-admin?

From: Tim Egbert
Date: 2013-11-06 @ 23:10

Is there a way to use flask-wtf CSRF protection in flask-admin?

I'm setting up admin pages for my web site using flask-admin. The main 
part of the web site uses flask-wtf with CSRF enabled. The admin portion 
seems to be working except that when I attempt to update the database 
using the form generated by flask-admin, I'm getting this error:

Bad Request
CSRF token missing or incorrect.

Here's some code that will recreate the problem:

https://gist.github.com/tegbert/7344107

Re: [flask] Can you use flask-wtf CSRF protection in flask-admin?

From: Ramin Najjarbashi
Date: 2013-11-07 @ 00:21

For CSRF in WTF, read this:
https://flask-wtf.readthedocs.org/en/latest/csrf.html

You can use "@csrf.exempt" before

def init_admin(app):
    ....



On 7 November 2013 02:40, Tim Egbert <tim.egbert@chargeback.com> wrote:

> Is there a way to use flask-wtf CSRF protection in flask-admin?
>
> I'm setting up admin pages for my web site using flask-admin. The main
> part of the web site uses flask-wtf with CSRF enabled. The admin portion
> seems to be working except that when I attempt to update the database
> using the form generated by flask-admin, I'm getting this error:
>
> Bad Request
> CSRF token missing or incorrect.
>
> Here's some code that will recreate the problem:
>
> https://gist.github.com/tegbert/7344107
>
>

Re: [flask] Can you use flask-wtf CSRF protection in flask-admin?

From: Tim Egbert
Date: 2013-11-07 @ 16:41

I can do that, but I lose the CSRF protection that is built in to
flask-wtf.

On 11/06/2013 05:21 PM, Ramin Najjarbashi wrote:
> for CSRF in wtf read this:
> https://flask-wtf.readthedocs.org/en/latest/csrf.html
>
> you can use "@csrf.exempt" before
>
> def init_admin(app):
>     ....
>
>
>
> On 7 November 2013 02:40, Tim Egbert <tim.egbert@chargeback.com> wrote:
>
>     Is there a way to use flask-wtf CSRF protection in flask-admin?
>
>     I'm setting up admin pages for my web site using flask-admin. The main
>     part of the web site uses flask-wtf with CSRF enabled. The admin portion
>     seems to be working except that when I attempt to update the database
>     using the form generated by flask-admin, I'm getting this error:
>
>     Bad Request
>     CSRF token missing or incorrect.
>
>     Here's some code that will recreate the problem:
>
>     https://gist.github.com/tegbert/7344107
>
>