CSRF protection on AJAX authentication in Flask


You can get the convenience of flask-wtf without all the heaviness, and without rolling your own:

from flask_wtf.csrf import CsrfProtect

then on init, either:

CsrfProtect(app)

or:

from flask import Flask
from flask_wtf.csrf import CsrfProtect  # newer Flask-WTF releases name this class CSRFProtect

csrf = CsrfProtect()

def create_app():
    app = Flask(__name__)
    csrf.init_app(app)  # registers the CSRF check for every non-GET request
    return app

The token will then be available app-wide at any point, including via jinja2:

<form method="post" action="/">
  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
</form>

(via the docs)


I think your problem is the os.urandom function. The result of this function can contain symbols which will not parse properly in HTML. So when you insert csrf_token in HTML and don't do any escaping, you have the described problem.

How to fix: try to escape csrf_token in HTML (see the docs) or use another approach for generating the CSRF token, for example using uuid:

import uuid
...
def generate_random_string():
    # uuid4 is random but only ever contains hex digits and dashes, so it renders safely in HTML
    return str(uuid.uuid4())
...
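An added example (not part of either answer) that demonstrates the failure the answer above describes and the defensive handling around it: raw os.urandom bytes decoded into a token are not HTML-safe, encoding them to URL-safe base64 fixes that while keeping os.urandom as the entropy source, the hidden field is escaped on output anyway, and the AJAX-side check compares the session copy against the submitted value in constant time. The helper names and the constructed sample bytes are mine.

```python
import base64
import hmac
import html
import os
import string
from typing import Optional

# Constructed sample: 16 bytes spanning the whole byte range, including NUL and non-ASCII,
# standing in for a raw os.urandom() result.
RAW_BYTES = bytes(range(0, 256, 16))

URL_SAFE = set(string.ascii_letters + string.digits + "-_")


def is_html_safe_token(token: str) -> bool:
    """A token is safe to drop into a hidden field, JSON body or X-CSRFToken header
    only if every character is a plain URL-safe ASCII character."""
    return token != "" and all(ch in URL_SAFE for ch in token)


def decode_raw_token(raw: bytes) -> str:
    """What goes wrong: treating random bytes as text yields control and non-ASCII
    characters, which then break the rendered HTML."""
    return raw.decode("latin-1")


def generate_csrf_token(nbytes: int = 32) -> str:
    """Keep os.urandom as the entropy source but encode it to unpadded URL-safe
    base64, so the value survives HTML attributes, JSON and request headers."""
    return base64.urlsafe_b64encode(os.urandom(nbytes)).rstrip(b"=").decode("ascii")


def hidden_field(token: str) -> str:
    """Escape on output regardless of how the token was produced."""
    return '<input type="hidden" name="csrf_token" value="%s" />' % html.escape(token, quote=True)


def csrf_token_valid(session_token: str, submitted: Optional[str]) -> bool:
    """Server-side check for an AJAX post: the value from the X-CSRFToken header
    (or form field) must match the session copy; compare in constant time."""
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)
```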