Forums

Flask_security for login

Hi,

I followed article on https://pythonhosted.org/Flask-Security/quickstart.html. It does not seem to mention about CSRF unlike flask-login ... Is it that CSRF is handled automatically if you choose Flask-Security?

deleted-user-1566537 | 55 posts | Aug. 17, 2016, 6:54 p.m. | permalink

No I think it is not handled (but not 100% sure).

Staff conrad | 4232 posts | PythonAnywhere staff | Aug. 18, 2016, 10:09 a.m. | permalink

I do see a hidden csrf in /register form. Is it only needed for register?

deleted-user-1566537 | 55 posts | Aug. 18, 2016, 2:39 p.m. | permalink

You should really be including it for any posts/requests that would change things.

Staff conrad | 4232 posts | PythonAnywhere staff | Aug. 18, 2016, 5:09 p.m. | permalink