Flask WTF CSRF session token missing, secret_key not found
{{ form.hidden_tag() }}
should expand into something like
<input id="csrf_token" name="csrf_token" type="hidden" value="... long string ...">
If you're not seeing that, double-check how you've set up the configuration parts of your app. Aside from SECRET_KEY
, are you setting any of the WTF_
options?
You'll probably want to remove {{ form.csrf_token() }}
No X-
headers are involved. (I did a quick check on one of my apps, in case I'd forgotten something.)
I met "The CSRF token is missing" issue yesterday and fortunately, I've found the cause for my case. I've deployed my Flask app on Gunicorn + Nginx using sync workers configuration following by this instruction and that's the problem. Flask is NOT working with Gunicorn's sync workers, so moving to threads has resolved my issue.
gunicorn --workers 1 --threads 3 -b 0.0.0.0:5000 wsgi:app