Hi,
I followed article on https://pythonhosted.org/Flask-Security/quickstart.html. It does not seem to mention about CSRF unlike flask-login ... Is it that CSRF is handled automatically if you choose Flask-Security?
Hi,
I followed article on https://pythonhosted.org/Flask-Security/quickstart.html. It does not seem to mention about CSRF unlike flask-login ... Is it that CSRF is handled automatically if you choose Flask-Security?
No I think it is not handled (but not 100% sure).
I do see a hidden csrf in /register form. Is it only needed for register?
You should really be including it for any posts/requests that would change things.