Skip to content

Force enable CSRF in flask WTForms

Looking at flask-wtf docs (https://flask-wtf.readthedocs.io/en/1.1.x/csrf/):

Any view using FlaskForm to process the request is already getting CSRF protection.

you could have an impression that using FlaskForm implies that CSRF is used.

In fact, we do send CSRF token in our form requests, but currently the token is not being checked on back end side.

CSRF must be enabled globally.