如何使用 flask-wtf 为 rest api 禁用视图的 csrf?
How to disable csrf for a view with flask-wft for a restapi?
我在使用 flask-wtf 为 restapi 禁用 csrf 时遇到问题。问题类似于此处:Flask-Restful POST fails due CSRF protection of Flask-WTF,但我使用的是 flask original 而不是 flask-restful。
我用的是@csrf.exemptdecorator,和文档里的一模一样,但是还是不能禁用csrf。这是我的代码,你知道问题出在哪里吗?
myApp.py
from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from flask_wtf import FlaskForm
from wtforms import StringField
from flask_wtf.csrf import CSRFProtect
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
app.config['SECRET_KEY'] = "secret"
db = SQLAlchemy(app)
csrf = CSRFProtect(app) # initialize the csrf protect
class User(db.Model):
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String())
class myForm(FlaskForm):
username = StringField("user name")
@app.route("/check", methods=['POST'])
@csrf.exempt # why this code doesn't work???!!! :(
def check():
form = myForm(request.form)
if form.validate():
user = User(username=form.username.data)
db.session.add(user)
db.session.commit()
return jsonify(message="user saved!"), 200
else:
return jsonify(message=form.errors), 404
if __name__ == '__main__':
app.run(debug=True)
我的邮递员总是return:
{
"message": {
"csrf_token": [
"The CSRF token is missing."
]
}
}
FlaskForm.validate() 似乎是返回该错误的那个,即 try
form = myForm(request.form, csrf_enabled=False)
或
class myForm(FlaskForm):
class Meta:
csrf = False
username = StringField("user name")
因为 csrf_enabled 似乎已被弃用。
来自文档
Any view using FlaskForm to process the request is already getting CSRF protection.
您可以在构造函数中将 meta={'csrf': False} 作为参数传递
form = myForm(request.form, meta={'csrf': False})
我在使用 flask-wtf 为 restapi 禁用 csrf 时遇到问题。问题类似于此处:Flask-Restful POST fails due CSRF protection of Flask-WTF,但我使用的是 flask original 而不是 flask-restful。
我用的是@csrf.exemptdecorator,和文档里的一模一样,但是还是不能禁用csrf。这是我的代码,你知道问题出在哪里吗?
myApp.py
from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from flask_wtf import FlaskForm
from wtforms import StringField
from flask_wtf.csrf import CSRFProtect
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
app.config['SECRET_KEY'] = "secret"
db = SQLAlchemy(app)
csrf = CSRFProtect(app) # initialize the csrf protect
class User(db.Model):
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String())
class myForm(FlaskForm):
username = StringField("user name")
@app.route("/check", methods=['POST'])
@csrf.exempt # why this code doesn't work???!!! :(
def check():
form = myForm(request.form)
if form.validate():
user = User(username=form.username.data)
db.session.add(user)
db.session.commit()
return jsonify(message="user saved!"), 200
else:
return jsonify(message=form.errors), 404
if __name__ == '__main__':
app.run(debug=True)
我的邮递员总是return:
{
"message": {
"csrf_token": [
"The CSRF token is missing."
]
}
}
FlaskForm.validate() 似乎是返回该错误的那个,即 try
form = myForm(request.form, csrf_enabled=False)
或
class myForm(FlaskForm):
class Meta:
csrf = False
username = StringField("user name")
因为 csrf_enabled 似乎已被弃用。
来自文档
Any view using FlaskForm to process the request is already getting CSRF protection.
您可以在构造函数中将 meta={'csrf': False} 作为参数传递
form = myForm(request.form, meta={'csrf': False})