[英]CSRF Protection in a Flask Framework that uses Dash
这个问题建立在我之前关于破折号集成的问题之上。
当使用flask_wtf
模块激活CSRF 时,如何集成Dash 模块而不会因为缺少csrf 令牌而阻塞Dash 帖子?
from flask import Flask, request, render template
from flask_wtf.csrf import CSRFProtect
from dash import Dash
from dash.dependencies import Input, Output
app = Flask(__name__)
csrf = CSRFProtect(app)
app.config['SECRET_KEY'] = 'somethignrandom'
dapp = Dash(__name__, server=app, routes_pathname_prefix='/dash/')
dapp.layout = layoutfunction # this is left for your imagination
@app.route('/', methods=['GET','POST'])
def helloworld():
return render_template('index.html')
@app.route('/dash')
def dashing():
dapp.layout = layoutfunction
if __name__ == '__main__':
app.run(debug=True)
每当加载/dash
时,都会返回 404 错误。
来自: https : //github.com/plotly/dash/issues/308
添加以下行以从 csrf 令牌要求中豁免破折号:
from flask import Flask, request, render template
from flask_wtf.csrf import CSRFProtect
from dash import Dash
from dash.dependencies import Input, Output
app = Flask(__name__)
csrf = CSRFProtect(app)
app.config['SECRET_KEY'] = 'somethignrandom'
########## ADD THIS LINE
csrf._exempt_views.add('dash.dash.dispatch')
##########
dapp = Dash(__name__, server=app, routes_pathname_prefix='/dash/')
dapp.layout = layoutfunction # this is left for your imagination
@app.route('/', methods=['GET','POST'])
def helloworld():
return render_template('index.html')
@app.route('/dash')
def dashing():
dapp.layout = layoutfunction
if __name__ == '__main__':
app.run(debug=True)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.