Flask Preventing Form Injection Flask Preventing Form Injection flask flask

Flask Preventing Form Injection


python jquery flask csrf

app.py

from flask import Flask, request, render templatefrom flask_wtf.csrf import CSRFProtectapp = Flask(__name__)CSRFProtect(app)app.config['SECRET_KEY'] = 'somethignrandom'@app.route('/', methods=['GET','POST'])def helloworld():    if request.method == 'GET':        return render_template('index.html')     if request.method == 'POST': # anything post will autocheck csrf        print(request.form['info'])        ## do something with the info, like write to a database        return 'nothing'if __name__ == '__main__':    app.run(debug=True)

There is no need to pass the secret key to the html template, as CSRFProtect will automatically pass the secret key.

templates/index.html

<html><head><script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script><meta name='csrf-token' content="{{ csrf_token() }}"><script type='text/javascript' src="{{ url_for('static', filename='js/fire.js') }}"></script></head><body><p>Hello world!</p></body></html>

script.js

$(document).click(function() {    // post data to flask    $.post('/', {'info': 'test', '_csrf_token':$('meta[name="csrf-token"]').attr('content')});    return false;};

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last