CSRF Protection without using template Engine- Javascript and Flask
First you need to generate csrf token from server and client can get it through a simple request, then pass it back in post request. You can use below method to generate token.
flask_wtf.csrf.generate_csrf(secret_key=None, time_limit=None)
For example,
@app.route('/token')def token(): token=generate_csrf(time_limit=10) return jsonify({'token':token}), 201
Then post request with header 'X-CSRFToken'