CSRF token missing in the first post request Flask
up vote
1
down vote
favorite
I am trying out flask, I have a form served from the following route:
@app.route("/register",methods=['GET','POST'])
def register():
form = RegistrationForm()
if form.validate_on_submit():
employee = Employee(name=form.name,emp_id=form.emp_id,email=form.email,password=form.password)
return redirect(url_for('home'))
return render_template('register.html',form=form)
I wanted to have client side validation just to check whether the entered email exists in the database. I tried submitting the email field to a different route which is given below to see how things work.
@app.route('/email',methods=['POST'])
def email():
print(request.form['email'])
return "success"
The following is my javascript code for ajax request which gets called when a blur event happens in the input field.
function emailSubmit(event) {
console.log($('#email').serialize());
$.ajax({
type: "POST",
url: url,
data: $('#email').serialize(), // serializes the form's elements.
success: function(data) {
console.log(data) // display the returned data in the console.
}
});
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrfToken)
}
}
})
}
The javascript file is in the static folder and the url and csrf_token is supplied using global variables.
The issue is that on first post request to the route "email" I am getting a
Bad Request "The CSRF token is missing."
But everything works perfectly fine from the next post request onwards. The same csrf token is sent in the next request too. Why is this happening?
I have enabled csrf protection globally.
flask flask-wtforms
asked Nov 20 at 5:20
jibin mathew
7917
add a comment |
up vote
1
down vote
favorite
I am trying out flask, I have a form served from the following route:
@app.route("/register",methods=['GET','POST'])
def register():
form = RegistrationForm()
if form.validate_on_submit():
employee = Employee(name=form.name,emp_id=form.emp_id,email=form.email,password=form.password)
return redirect(url_for('home'))
return render_template('register.html',form=form)
I wanted to have client side validation just to check whether the entered email exists in the database. I tried submitting the email field to a different route which is given below to see how things work.
@app.route('/email',methods=['POST'])
def email():
print(request.form['email'])
return "success"
The following is my javascript code for ajax request which gets called when a blur event happens in the input field.
function emailSubmit(event) {
console.log($('#email').serialize());
$.ajax({
type: "POST",
url: url,
data: $('#email').serialize(), // serializes the form's elements.
success: function(data) {
console.log(data) // display the returned data in the console.
}
});
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrfToken)
}
}
})
}
The javascript file is in the static folder and the url and csrf_token is supplied using global variables.
The issue is that on first post request to the route "email" I am getting a
Bad Request "The CSRF token is missing."
But everything works perfectly fine from the next post request onwards. The same csrf token is sent in the next request too. Why is this happening?
I have enabled csrf protection globally.
flask flask-wtforms
asked Nov 20 at 5:20
jibin mathew
7917
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I am trying out flask, I have a form served from the following route:
@app.route("/register",methods=['GET','POST'])
def register():
form = RegistrationForm()
if form.validate_on_submit():
employee = Employee(name=form.name,emp_id=form.emp_id,email=form.email,password=form.password)
return redirect(url_for('home'))
return render_template('register.html',form=form)
I wanted to have client side validation just to check whether the entered email exists in the database. I tried submitting the email field to a different route which is given below to see how things work.
@app.route('/email',methods=['POST'])
def email():
print(request.form['email'])
return "success"
The following is my javascript code for ajax request which gets called when a blur event happens in the input field.
function emailSubmit(event) {
console.log($('#email').serialize());
$.ajax({
type: "POST",
url: url,
data: $('#email').serialize(), // serializes the form's elements.
success: function(data) {
console.log(data) // display the returned data in the console.
}
});
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrfToken)
}
}
})
}
The javascript file is in the static folder and the url and csrf_token is supplied using global variables.
The issue is that on first post request to the route "email" I am getting a
Bad Request "The CSRF token is missing."
But everything works perfectly fine from the next post request onwards. The same csrf token is sent in the next request too. Why is this happening?
I have enabled csrf protection globally.
flask flask-wtforms
asked Nov 20 at 5:20
jibin mathew
7917
I am trying out flask, I have a form served from the following route:
@app.route("/register",methods=['GET','POST'])
def register():
form = RegistrationForm()
if form.validate_on_submit():
employee = Employee(name=form.name,emp_id=form.emp_id,email=form.email,password=form.password)
return redirect(url_for('home'))
return render_template('register.html',form=form)
I wanted to have client side validation just to check whether the entered email exists in the database. I tried submitting the email field to a different route which is given below to see how things work.
@app.route('/email',methods=['POST'])
def email():
print(request.form['email'])
return "success"
The following is my javascript code for ajax request which gets called when a blur event happens in the input field.
function emailSubmit(event) {
console.log($('#email').serialize());
$.ajax({
type: "POST",
url: url,
data: $('#email').serialize(), // serializes the form's elements.
success: function(data) {
console.log(data) // display the returned data in the console.
}
});
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrfToken)
}
}
})
}
The javascript file is in the static folder and the url and csrf_token is supplied using global variables.
The issue is that on first post request to the route "email" I am getting a
Bad Request "The CSRF token is missing."
But everything works perfectly fine from the next post request onwards. The same csrf token is sent in the next request too. Why is this happening?
I have enabled csrf protection globally.
flask flask-wtforms
flask flask-wtforms
asked Nov 20 at 5:20
jibin mathew
7917
asked Nov 20 at 5:20
jibin mathew
7917
asked Nov 20 at 5:20
jibin mathew
7917
asked Nov 20 at 5:20
jibin mathew
7917
asked Nov 20 at 5:20
jibin mathew
7917
7917
add a comment |
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53386663%2fcsrf-token-missing-in-the-first-post-request-flask%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
