Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

csrf_token is still needed by FlaskForm if you @csrf.exempt a view #361

Open
return1 opened this issue Feb 28, 2019 · 0 comments
Open

csrf_token is still needed by FlaskForm if you @csrf.exempt a view #361

return1 opened this issue Feb 28, 2019 · 0 comments
Labels

Comments

@return1
Copy link

return1 commented Feb 28, 2019

If i @csrf.exempt a view which uses a FlaskForm, the csrf token is still required by the Form. I manually have to set g.csrf_valid = True.

Maybe csrf_protect should set g.csrf_valid if the blueprint or view was exempted. Or another flag is introduced like g.exempt.

Do you like a pull request for one of the options?

@azmeuk azmeuk added the csrf label Jul 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

2 participants