Looking for some help, clarity and to maybe get pointed in the right direction regarding python flask wtforms and flask jwt extended.
I have a login route that works just fine. My protected GET routes work fine as well. However, when I submit a post request, I get this error: flask_jwt_extended.exceptions.CSRFError: Missing CSRF token
My session has the csrf token because of flaskform. My cookie storage has csrf_access_token as well.
It works for unprotected routes like login and contact.
# Login
@app.route('/login', methods=['GET', 'POST'])
def login():
form=LoginForm()
print(session)
if form.validate_on_submit():
data = request.form
email = data['email']
password = data['password']
user = User.query.filter_by(email=email).first()
if user and check_password_hash(user.password, password):
# # Check if user verified their email
# if user.email_verified == False:
# # Allow user to request another email
# return redirect(url_for('verify_email'))
access_token = create_access_token(identity=user.id)
refresh_token = create_refresh_token(identity=user.id)
# Update last_login_datea
user.last_login = datetime.utcnow()
db.session.commit()
response = make_response(redirect(url_for('solarsearch')))
response.set_cookie('access_token_cookie', access_token) # set the token as a cookie
response.set_cookie('refresh_token_cookie', refresh_token) # set the refresh token as a cookie
session['logged_in'] = True
session['login_message'] = None
return response
However, for a route like this;
@jwt_required_and_not_revoked
def post(self):
form = SolarSearchForm()
print(form)
if form.validate_on_submit():
It just fails and throws missing csrf token.
I'm starting to wonder if there's a mix-up somewhere but unsure how to begin debugging.
Removed JWT CSRF Protection app.config['JWT_COOKIE_CSRF_PROTECT'] = False # Enable CSRF protection for cookies
This solved my issue. Only using FlaskForm CSRF protection now.