Why is CSRF session token is missing in Flask WTF?

A

Alexander Pavlov2021-08-24 21:40:50

Flask

Alexander Pavlov, 2021-08-24 21:40:50

There is a simple WTF form class:

class LoginForm()

class LoginForm(FlaskForm):
    email = StringField("Email: ", validators=[Email()])
    password = PasswordField("Password: ", validators=[DataRequired(), Length(min=4, max=100)])
    submit = SubmitField("Войти")

There is a form:

HTML Form

<form action="/accounting" method="POST">
        {{ form.csrf_token }}
        {{ form.email.label() }} {{ form.email() }}
        {{ form.password.label() }} {{ form.password() }}
        {{ form.submit() }}
 </form>

I tried to specify in the HTML form {{ form.hidden_tag() }}

AND there is a function:

def login()

@app.route('/login', methods=['POST', 'GET'])
def login():
    if current_user.is_authenticated:
        return redirect('/accounting')
    form = LoginForm()
    if form.validate_on_submit():
        email = request.form['email']
        user = UserModel.query.filter_by(email=email).first()
        if user is not None and user.check_password(request.form['password']):
            login_user(user)
            return redirect('/accounting')

    return render_template('login.html', form=form)

I could not find an answer on the Internet that suits my case, so I'm asking here.

Why is there an error when submitting the form?

Bad Request
The CSRF session token is missing.

I sinned on nginx, but the same error appears on the local computer when running the program in PyCharm.