Flask-WTF CSRF token missing

Time: 2017-09-29 22:29:29

Tags: python flask csrf flask-wtforms

After following the flask-wtf (v. 0.14.2, python 3.4.6) documentation here, I get a 400 error, CSRF token is missing, when reacting to a simple onchange event on a radio button.

<script type="text/javascript">
// Send the status of the radio buttons using AJAX
function radio_changed(){
    var csrf_token = "{{ csrf_token() }}";

    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrf_token);
            }
        }
    });
    var radioValue = $("input[class=radios]:checked").val();
    //alert(radioValue);
    $.ajax({
        url: '/_radio_update',
        data: {value: radioValue},
        type: 'POST',
        success: function(response){
            console.log(response);
        },
        error: function(error){
            console.log(error);
        }
    });
}
</script>

and then

<form method=post action="">
{{ form.csrf_token }}
...
On the Flask side:

...
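from flask import Flask, request
from flask_wtf.csrf import CSRFProtect

app = Flask(__name__)
app.secret_key = 'shhhhhhh!'
csrf = CSRFProtect(app)

@app.route('/_radio_update', methods=['GET', 'POST'])
def _radio_update():
    # The route has no URL variable, so the view takes no argument;
    # the AJAX call sends the radio state as the form field "value".
    radiostatus = request.form.get('value')
    print(radiostatus)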
...
Am I missing something?

1 answer:

Answer 0 (score: 3)

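There seems to be an inconsistency problem caused by the difference between Forms imported from wtforms and those imported from flask.ext.wtf, according to the note at the end of the documentation.

from wtforms import Form, RadioField, SubmitField, validators
class InputForm(Form):
...

After dealing with the deprecation notices, I finally changed one line: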

from wtforms import RadioField, SubmitField, validators
from flask_wtf import FlaskForm
class InputForm(FlaskForm):
...

This solved my problem.