https://flask-wtf.readthedocs.io/en/v0.12/csrf.html
If the template has a form, you don’t need to do any thing. It is the same as before:
<form method="post" action="/">
{{ form.csrf_token }}
</form>
But if the template has no forms, you still need a csrf token:
<form method="post" action="/">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
</form>
No comments:
Post a Comment