使用CSRF保护与WTForms-Alchemy
[英]Using CSRF protection with WTForms-Alchemy
问题描述
I have a web application with 3 forms. 
我有一个包含3个表单的Web应用程序。 2 inherit from flask_wtf.form.Form which by itself inhertis from WTForms SecureForm. 2继承自于flask_wtf.form.Form,它本身来自WTForms SecureForm。 This means these forms have automatic CSRF protection. 这意味着这些表单具有自动CSRF保护。
The 3rd form inherits its properties from a model object and as such inherits from wtforms_alchemy.ModelForm which by itself inherits from wtforms.Form. 第三种形式从模型对象继承其属性,因此继承自wtforms_alchemy.ModelForm,它本身继承自wtforms.Form。
How can I add CSRF protection to this last form? 如何在最后一个表单中添加CSRF保护?
2 个解决方案
解决方案1
3 已采纳 2016-02-09 04:20:35
What worked for me was mixing in Form from flask_wtf package. 对我有用的是从flask_wtf包中混合Form。
from flask_wtf import Form
class YourForm(ModelForm, Form):
Results in also have a valid hidden CSRF token. 结果还有一个有效的隐藏CSRF令牌。
解决方案2
0 2018-02-02 23:42:54
What worked for me was mixing in configure flask_wtf.csrf from flask_wtf package. 对我来说有用的是在flask_wtf包中配置flask_wtf.csrf。
py PY
from flask_wtf.csrf import CSRFProtect
....
csrf = CSRFProtect(app)
class UserForm(ModelForm):
class Meta:
model = User
....
userform = UserForm()
html HTML
<form method="post">
{{ userform.csrf_token }}
{{ userform.userform }}
<input type="submit" name="submit">
</form>
Results in also have a valid hidden CSRF token. 结果还有一个有效的隐藏CSRF令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.