How to disable csrf protection for particular routes in Flask-wtf

Flask-WTF recommends the @csrf.exempt decorator for disabling CSRF protection on particular routes, as in the case of APIs.

Now this is pretty confusing. What does csrf refer to?

If you inspect flask_wtf, you do see a csrf attribute:

>>> import flask_wtf
>>> dir(flask_wtf)
['CSRFProtect', 'CsrfProtect', 'FlaskForm',
'Form', 'Recaptcha', 'RecaptchaField', 
'RecaptchaWidget', '__builtins__', '__cached__', 
'__doc__', '__file__', '__loader__', 
'__name__', '__package__', '__path__', 
'__spec__', '__version__', '_compat', 
'absolute_import', 'csrf', 'fields', 
'form', 'recaptcha', 'validators', 
'widgets']
>>>

But the csrf in @csrf.exempt does not mean that module attribute. It means whatever you defined as csrf, that is, your own CSRFProtect instance:

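from flask import Blueprint
from flask_wtf.csrf import CSRFProtect

# This instance is the "csrf" used by the decorator below.
# Attach it to your application with csrf.init_app(app).
csrf = CSRFProtect()
some_blueprint = Blueprint("some_blueprint", __name__)

@some_blueprint.route("/myendpoint", methods=['POST'])
@csrf.exempt
def myfunc():
    # Placeholder body; a Flask view has to return a response.
    return "", 204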
