
Flask-WTF SelectField with CSRF protection enabled


Where are you setting SECRET_KEY? It must be available either in the Form class:

    class AddToReportForm(Form):
        selectReportField = SelectField(u'Reports',choices=[('test1','test')])
        SECRET_KEY = "myverylongsecretkey"

        def __init__(self, *args, **kwargs):
            """
            Initiates a new user form object
            :param args: Python default
            :param kwargs: Python default
            """
            Form.__init__(self, *args, **kwargs)

        def validate(self,id_list):
            rv = Form.validate(self)
            if not rv:
                print False
                #Check for the CSRF Token, if it's not there abort.
                return False
            return True

or in the application bootstrap:

    app = Flask(__name__)
    app.secret_key = 'myverylongsecretkey'

or in the constructor:

    form = AddToReportForm(secret_key='myverylongsecretkey')
    return render_template('random',title='add reports',form=form)


I still can't see any connection between SelectField and CSRF. The validate method is a little suspicious and the extra argument would trip the following test case, but as it stands this seems to work just fine:

    from flask import Flask, render_template_string
    from flaskext.wtf import Form, SelectField

    app = Flask(__name__)
    app.debug = True
    app.secret_key = 's3cr3t'

    class AddToReportForm(Form):
        selectReportField = SelectField(u'Reports', choices=[('test1', 'test')])

    @app.route('/test', methods=['GET', 'POST'])
    def test():
        form = AddToReportForm()
        if form.validate_on_submit():
            print 'OK'
        return render_template_string('''\
    <form method=post name="test">
    {{ form.hidden_tag()}}
    {{ form.selectReportField }}
    <input type="submit">
    </form>
    ''', form=form)

    app.run(host='0.0.0.0')


Recommended use:

app.secret_key = 'key here' # key user defined