CSRF protection with WTForm | Flask

by: SarefMet, 9 years ago

Last edited: 9 years ago

Hello!
The documentation of WTForms says that I must add to my HTML template this code:
<form method="post" action="/">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
</form>

Even if I do not have any forms in the template.
And when I tried to look up the page code in the browser I found this:
<form method="post" action="/">
            <input type="hidden" name="csrf_token" value="1455814605##6afd8f961cdc1d577baa4db837b1d590e04683a9" />
</form>

Is this right?
Can anyone use the value of the input tag to do something bad?

Thanks :)






Looks correct to me. No, that value is not something you have to worry about people "viewing the source" and seeing.

-Harrison 9 years ago
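
Why a visible token is harmless, as an added example (not part of the original thread and not Flask-WTF's own code). It assumes the token has the shape seen in the question: an expiry timestamp and a 40-hex-digit HMAC-SHA1 joined by `##`, with the MAC keyed by the server's secret and computed over a per-session secret. `make_token`, `validate` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

DELIM = "##"  # separator seen in the rendered token on this page


def make_token(server_key: bytes, session_secret: str, expires: int) -> str:
    """Return '<expires>##<hex HMAC-SHA1 over session_secret + expires>'."""
    msg = f"{session_secret}{expires}".encode()
    mac = hmac.new(server_key, msg, hashlib.sha1).hexdigest()
    return f"{expires}{DELIM}{mac}"


def validate(token: str, server_key: bytes, session_secret: str, now: int) -> bool:
    """Accept only an unexpired token whose MAC matches this session."""
    expires_str, sep, mac = token.partition(DELIM)
    if not sep or not (expires_str.isascii() and expires_str.isdigit()):
        return False  # malformed: no delimiter or non-numeric expiry
    if int(expires_str) < now:
        return False  # expired
    expected = make_token(server_key, session_secret, int(expires_str))
    expected_mac = expected.partition(DELIM)[2]
    # Constant-time comparison so the check does not leak MAC prefixes.
    return hmac.compare_digest(expected_mac.encode(), mac.encode())


def demo() -> dict:
    # All values below are constructed for the example.
    server_key = secrets.token_bytes(32)   # stands in for the app's secret key
    user_session = secrets.token_hex(20)   # per-session secret of the page viewer
    other_session = secrets.token_hex(20)  # a different user's session secret
    now = int(time.time())
    token = make_token(server_key, user_session, now + 3600)
    expires, _, mac = token.partition(DELIM)
    longer_lived = f"{int(expires) + 3600}{DELIM}{mac}"  # expiry edited, MAC reused
    return {
        "own_session": validate(token, server_key, user_session, now),
        "other_session": validate(token, server_key, other_session, now),
        "edited_expiry": validate(longer_lived, server_key, user_session, now),
        "after_expiry": validate(token, server_key, user_session, now + 7200),
    }


if __name__ == "__main__":
    print(demo())
```

The token only validates for the session it was issued to and only until it expires, so reading it in the page source gives nothing beyond what that same user's browser already holds.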


Thank you for your help :)

-SarefMet 9 years ago
