not compatible with flask_wtf csrf.exmpt

Flask-Middleware / flask-security

Quick and simple security for Flask applications

MIT License

622 stars 154 forks source link

Closed knowledge-fusion closed 4 months ago

knowledge-fusion commented 4 months ago

exempted view of csrf checking is not handled. in flask_wtf/csrf.py. L238

   if dest in self._exempt_views:
                return

            self.protect()

for exempted view. g.csrf_valid = True is not set. subsequently, flask-security raise csrf token missing exception.