Flask-WTF CSRF 令牌丢失
Flask-WTF CSRF token is missing
根据 flask-wtf (v. 0.14.2, python 3.4.6) here 的文档,我在对 [=14 做出反应时收到 CSRF token is missing 400 错误=] 来自简单单选按钮的事件。
<script type="text/javascript">
// Send the status of the radio buttons using AJAX
function radio_changed(){
var csrf_token = "{{ csrf_token() }}";
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrf_token);
}
}
});
var radioValue = $("input[class=radios]:checked").val();
//alert(radioValue);
$.ajax({
url: '/_radio_update',
data: {value:radioValue},
type: 'POST',
success: function(response){
console.log(response);
},
error: function(error){
console.log(error);
}
});
}
</script>
然后
<form method=post action="">
{{ form.csrf_token }}
...
在烧瓶方面:
...
from flask_wtf.csrf import CSRFProtect
app = Flask(__name__)
app.secret_key = 'shhhhhhh!'
csrf = CSRFProtect(app)
@app.route('/_radio_update', methods=['GET', 'POST'])
def _radio_update(radiostatus):
print(radiostatus)
...
我是不是漏了什么?
从 wtforms 导入的 Forms 和从 flask.ext.wtf 导入的 Forms 似乎有区别,根据 documentation 末尾的注释导致问题。
处理弃用通知后,最后我更改了行:
from wtforms import Form, RadioField, SubmitField, validators
class InputForm(Form):
...
到
from wtforms import RadioField, SubmitField, validators
from flask_wtf import FlaskForm
class InputForm(FlaskForm):
...
这解决了我的问题。
根据 flask-wtf (v. 0.14.2, python 3.4.6) here 的文档,我在对 [=14 做出反应时收到 CSRF token is missing 400 错误=] 来自简单单选按钮的事件。
<script type="text/javascript">
// Send the status of the radio buttons using AJAX
function radio_changed(){
var csrf_token = "{{ csrf_token() }}";
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrf_token);
}
}
});
var radioValue = $("input[class=radios]:checked").val();
//alert(radioValue);
$.ajax({
url: '/_radio_update',
data: {value:radioValue},
type: 'POST',
success: function(response){
console.log(response);
},
error: function(error){
console.log(error);
}
});
}
</script>
然后
<form method=post action="">
{{ form.csrf_token }}
...
在烧瓶方面:
...
from flask_wtf.csrf import CSRFProtect
app = Flask(__name__)
app.secret_key = 'shhhhhhh!'
csrf = CSRFProtect(app)
@app.route('/_radio_update', methods=['GET', 'POST'])
def _radio_update(radiostatus):
print(radiostatus)
...
我是不是漏了什么?
从 wtforms 导入的 Forms 和从 flask.ext.wtf 导入的 Forms 似乎有区别,根据 documentation 末尾的注释导致问题。
处理弃用通知后,最后我更改了行:
from wtforms import Form, RadioField, SubmitField, validators
class InputForm(Form):
...
到
from wtforms import RadioField, SubmitField, validators
from flask_wtf import FlaskForm
class InputForm(FlaskForm):
...
这解决了我的问题。