edmondchuc / flask-htmx

A Flask extension to work with HTMX.
http://flask-htmx.readthedocs.io
MIT License
127 stars, 14 forks

csrf token missing for hx-post calls #19

Closed: bbbart closed 1 year ago

bbbart commented 1 year ago

When mixing flask-htmx and flask-wtf with CSRF_ENABLED, all hx-post stop working because of a missing CSRF token. bootstrap-flask suffers the same problem (with POST actions in autorendered tables), but seems to fix it by relying on CSRFProtect, bundled with flask-wtf (see https://bootstrap-flask.readthedocs.io/en/stable/macros/#render-table).

I'm not sure if it's the job of this extension, but it would be great if somehow this problem is made to automagically disappear when using this module in a flask/htmx project.

bbbart commented 1 year ago

although it seems that Django-HTMX is also relying on the template implementation to resolve it: https://django-htmx.readthedocs.io/en/latest/tips.html#make-htmx-pass-the-csrf-token

edmondchuc commented 1 year ago

Yes, I think passing the CSRF token to the template inside a hx-headers attribute is the best approach, as suggested by django-htmx.

bbbart commented 1 year ago

got it!