我正在尝试通过post方法使用扩展名flask-retful禁用某些请求,在文档中它告诉我如何禁用csrt但它不起作用,这些是我的文件
/app.py
from flask import Flask
from models.model import db
from Views.View import view
from api import restApi
from api import _csrfProtect
application = Flask(__name__)
application.config.from_object('config.developement')
#application.register_blueprint(view)
restApi.init_app(application)
_csrfProtect.init_app(application)
db.init_app(application)
/config/configuration.py
class developement(object):
DEBUG = True
SQLALCHEMY_DATABASE_URI = 'mysql:........'
SQLALCHEMY_TRACK_MODIFICATIONS = False
#SECRET_KEY = 'misecret'
WTF_CSRF_SECRET_KEY='secretKey'
#WTF_CSRF_CHECK_DEFAULT=False
WTF_CSRF_ENABLED = True
/forms/forms.py
from flask_wtf import FlaskForm,Form
from wtforms import StringField
class NewUser(FlaskForm):
name = StringField('name')
surname = StringField('surname')
email = StringField('email')
class Meta:
csrf=False
/api/api.py
from flask import jsonify,request
from .csrfProtect import _csrfProtect
from sqlalchemy.exc import IntegrityError
from models.model import db,Student
from forms import NewUser
from flask_restful import Resource,Api
restApi = Api()
class AddUser(Resource):
method_decorators = [_csrfProtect.exempt]
def post(self):
form = NewUser(request.POST)
if form.validate():
return jsonify(data='success')
else:
return jsonify(error=form.errors)
restApi.add_resource(AddDataUser,'/updatedata')
restApi.add_resource(AddUser,'/newuser')
/api/csrfProtect.py
from flask_wtf import CSRFProtect
_csrfProtect = CSRFProtect()
所有请求都是相同的
{
"message": "The CSRF token is missing."
}
并用于停用csrf
class Meta:
csrf=False
和
method_decorators = [_csrfProtect.exempt]
根据我发现的所有文档,我已经尝试了他所说的一切但没有任何结果,csrf始终处于活动状态。
答案 0 :(得分:0)
我已经解决了这一问题,方法是将视图或蓝图标记为不包含在CSRF保护中。
0x