I have a Flask app with a login functionality. It works in Chrome and Firefox on my PC and I am able to login. However I get a "The CSRF session token is missing" on Edge and Chrome. Chrome is on my mobile phone. I have read through many forums and can summarise my implementation as follows,
I have enable CSRF globally in my init.py
from flask_wtf.csrf import CSRFProtect
csrf = CSRFProtect()
csrf.init_app(app)
I have added it to my templates and I can also see the token when I view the HTML in view source.
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<input type="hidden" name="csrf_token" value="IjdhMGM5MjAyMGViZWI0ZjkxM2U2ZjQwOGI2YWI1YTI5ZmNiZjZmYTYi.YLZA9Q.fkFgK5gN6x0LryFCqbwHLIjKxTg"/>
I have also added the below to my config
SERVER_NAME = 'flaskcms.pythonanywhere.com'
My secret key is also set. It is so wierd that it works on 2 browsers (Chrome & Firefox) but fails with a 400 bad request error - "The CSRF session token is missing" on Edge (PC) and Chrome (mobile app).
Have anyone experienced similar or have any ideas? Thanks