You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When CSRF validation fails, it will raise a CSRFError.
However, this appears to only be true, if this optional code has been used:
from flask_wtf.csrf import CSRFProtect
csrf = CSRFProtect(app)
When that code is not used, forms are created by subclassing FlaskForm, and CSRF validation fails, then validate_on_submit returns False instead of raising CSRFError.
It seems that ideally you would always raise CSRFError for consistency, but if you don't want to do that, then it would be helpful to update the docs.
The text was updated successfully, but these errors were encountered:
It doesn't make sense to raise an unhandled exception during validation. I suppose the docs could be clearer that the extension raises the error, not forms. PRs welcome.
The Flask-WTF docs state:
However, this appears to only be true, if this optional code has been used:
When that code is not used, forms are created by subclassing
FlaskForm
, and CSRF validation fails, thenvalidate_on_submit
returns False instead of raisingCSRFError
.It seems that ideally you would always raise
CSRFError
for consistency, but if you don't want to do that, then it would be helpful to update the docs.The text was updated successfully, but these errors were encountered: